CVE-2018-12122

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.56 % (78^th)

Affected Products 4

Advisories 9

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

Weaknesses

CWE-400: Uncontrolled Resource Consumption

CVE Status: PUBLISHED
CNA: Node.js
Published Date: 2018-11-28 17:29:00
(5 years ago)
Updated Date: 2022-09-06 17:57:17
(2 years ago)

Affected Products

Nodejs

Node.js

Suse

Configuration #1

	CPE23	From	Up To
Nodejs Node.js from 6.0.0 version and prior 6.15.1 version	cpe:2.3:a:nodejs:node.js::::*:lts	>= 6.0.0	< 6.15.1
Nodejs Node.js from 8.0.0 version and prior 8.14.0 version	cpe:2.3:a:nodejs:node.js::::*:lts	>= 8.0.0	< 8.14.0
Nodejs Node.js from 10.0.0 version and prior 10.14.0 version	cpe:2.3:a:nodejs:node.js::::*:lts	>= 10.0.0	< 10.14.0
Nodejs Node.js from 11.0.0 version and prior 11.3.0 version	cpe:2.3:a:nodejs:node.js::::*:-	>= 11.0.0	< 11.3.0

Configuration #2

		CPE23	From	Up To
	Suse Enterprise Storage 4	cpe:2.3:a:suse:suse_enterprise_storage:4
	Suse Linux Enterprise Server 12	cpe:2.3:o:suse:suse_linux_enterprise_server:12
	Suse Linux Enterprise Server 15	cpe:2.3:o:suse:suse_linux_enterprise_server:15
	Suse Openstack Cloud 7	cpe:2.3:o:suse:suse_openstack_cloud:7
	Suse Openstack Cloud 8	cpe:2.3:o:suse:suse_openstack_cloud:8