
nodejs: two vulnerabilities

Package(s): nodejs
CVE #(s): CVE-2016-2216 CVE-2016-2086
Created: February 15, 2016
Updated: February 29, 2016
Description: From the Red Hat bugzilla:

CVE-2016-2216: It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks by checking for CRLF characters, it is possible to compose response headers using Unicode characters that decompose to these characters, bypassing the checks previously in place.

CVE-2016-2086: A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances.

Alerts:
Gentoo 201612-43 nodejs 2016-12-13
openSUSE openSUSE-SU-2016:0604-1 nodejs 2016-02-29
Fedora FEDORA-2016-8925b6119f nodejs 2016-02-22
Mageia MGASA-2016-0080 nodejs 2016-02-19
Fedora FEDORA-2016-3102c11757 nodejs 2016-02-15



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds