Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 19 Oct 2013 11:43:51 -0400
From: Jonathan Rudenberg <jonathan@...anous.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Node.js HTTP Pipelining DoS

Node.js is vulnerable to DoS when a client sends too many pipelined HTTP requests.

Links:

https://groups.google.com/forum/#!topic/nodejs/NEbweYB0ei0
http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/
https://github.com/joyent/node/issues/6214
https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692

This issue affects all versions of Node released before 0.10.21 and 0.8.26.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ