CVE-2019-15606

Exploit

EPSS 2.29%
Veröffentlicht 07.02.2020 15:15:11
Zuletzt bearbeitet 21.11.2024 04:29:07
Quelle support@hackerone.com
Teams Watchlist Login
Unerledigt Login

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nodejs ≫ Node.Js SwEditionlts Version >= 10.0.0 < 10.19.0

Nodejs ≫ Node.Js SwEditionlts Version >= 12.0.0 < 12.15.0

Nodejs ≫ Node.Js SwEdition- Version >= 13.0.0 < 13.8.0

Oracle ≫ Communications Cloud Native Core Network Function Cloud Native Environment Version1.4.0

Oracle ≫ Graalvm Version19.3.1 SwEditionenterprise

Oracle ≫ Graalvm Version20.0.0 SwEditionenterprise

Debian ≫ Debian Linux Version10.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Eus Version8.1

Opensuse ≫ Leap Version15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.29%	0.841

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.oracle.com//security-alerts/cpujul2021.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Third Party Advisory

https://security.gentoo.org/glsa/202003-48

Third Party Advisory

https://www.debian.org/security/2020/dsa-4669

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0573

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0579

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0597

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0602

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2020:0598

Third Party Advisory

https://nodejs.org/en/blog/release/v10.19.0/

Vendor Advisory

Release Notes

https://nodejs.org/en/blog/release/v12.15.0/

Vendor Advisory

Release Notes

https://nodejs.org/en/blog/release/v13.8.0/

Vendor Advisory

https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/

Vendor Advisory

https://security.netapp.com/advisory/ntap-20200221-0004/

Third Party Advisory

https://hackerone.com/reports/730779

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-15606

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-15606

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-15606

EUVD