CVE-2016-5325 in Node.jsinfo

Summary

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

ID	Vulnerability	CWE	Exp	Cou	CVE
92518	Node.js ServerResponse#writeHead Split response splitting	113	Not defined	Official fix	CVE-2016-5325

Reservation

06/07/2016

Disclosure

10/10/2016

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-5325
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-5325
CVE Details	https://www.cvedetails.com/cve/CVE-2016-5325/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!