CVE-2015-8027

CVSS v3.0 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 3.34 % (92^th)

Affected Products 1

Advisories 1

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.

Weaknesses

CWE-17: DEPRECATED: Code

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2016-01-02 21:59:17
(8 years ago)
Updated Date: 2017-07-01 01:29:24
(7 years ago)

Affected Products

Nodejs

Node.js

Configuration #1

		CPE23	From	Up To
	Nodejs Node.js 0.12.0	cpe:2.3:a:nodejs:node.js:0.12.0
	Nodejs Node.js 0.12.1	cpe:2.3:a:nodejs:node.js:0.12.1
	Nodejs Node.js 0.12.2	cpe:2.3:a:nodejs:node.js:0.12.2
	Nodejs Node.js 0.12.3	cpe:2.3:a:nodejs:node.js:0.12.3
	Nodejs Node.js 0.12.4	cpe:2.3:a:nodejs:node.js:0.12.4
	Nodejs Node.js 0.12.5	cpe:2.3:a:nodejs:node.js:0.12.5
	Nodejs Node.js 0.12.6	cpe:2.3:a:nodejs:node.js:0.12.6
	Nodejs Node.js 0.12.7	cpe:2.3:a:nodejs:node.js:0.12.7
	Nodejs Node.js 0.12.8	cpe:2.3:a:nodejs:node.js:0.12.8
	Nodejs Node.js 4.2.0	cpe:2.3:a:nodejs:node.js:4.2.0
	Nodejs Node.js 4.2.1	cpe:2.3:a:nodejs:node.js:4.2.1
	Nodejs Node.js 4.2.2	cpe:2.3:a:nodejs:node.js:4.2.2
	Nodejs Node.js 5.0.0	cpe:2.3:a:nodejs:node.js:5.0.0
	Nodejs Node.js 5.1.0	cpe:2.3:a:nodejs:node.js:5.1.0