7.5

CVE-2015-8027

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NodejsNode.Js Version0.12.0
NodejsNode.Js Version0.12.1
NodejsNode.Js Version0.12.2
NodejsNode.Js Version0.12.3
NodejsNode.Js Version0.12.4
NodejsNode.Js Version0.12.5
NodejsNode.Js Version0.12.6
NodejsNode.Js Version0.12.7
NodejsNode.Js Version0.12.8
NodejsNode.Js Version4.2.0
NodejsNode.Js Version4.2.1
NodejsNode.Js Version4.2.2
NodejsNode.Js Version5.0.0
NodejsNode.Js Version5.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.36% 0.916
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21972419
Vendor Advisory
http://www.securityfocus.com/bid/78207
https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
Vendor Advisory
https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/
Vendor Advisory
https://security.gentoo.org/glsa/201612-43