| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.4 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Node.js. This issue affects some unknown processing of the component HTTP Parser. Manipulating the argument Content-Length with the input 1 2 results in an input validation weakness.
This vulnerability is identified as CVE-2018-7159. The attack can be initiated remotely. No exploit is available.
It is suggested to upgrade the affected component.
Details
A vulnerability classified as problematic has been found in Node.js (JavaScript Library) (the affected version is unknown). This affects unknown code of the component HTTP Parser. The manipulation of the argument Content-Length with the input value 1 2 leads to an input validation vulnerability. CWE classifies the issue as CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. This has an impact on integrity. The summary by CVE is:
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.
The bug was discovered on 03/21/2018. The weakness was released on 05/17/2018 (Website). The advisory is available at nodejs.org. This vulnerability has been uniquely identified as CVE-2018-7159 since 02/15/2018. Exploitability is said to be difficult. The attack can be initiated remotely. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but no exploit is available.
The vulnerability was handled as a non-public zero-day exploit for at least 7 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 108738 (FreeBSD : node.js -- multiple vulnerabilities (5a9bbb6e-32d3-11e8-a769-6daaba161086)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family FreeBSD Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 171090 (OpenSUSE Security Update for nodejs4 (openSUSE-SU-2018:0967-1)).
Upgrading eliminates this vulnerability. A possible mitigation was published before, and not only after, the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (108738). Entries connected to this vulnerability are available at VDB-117890 and VDB-117892. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
CVSSv3
VulDB Meta Base Score: 4.5
VulDB Meta Temp Score: 4.4
VulDB Base Score: 3.7
VulDB Temp Score: 3.6
NVD Base Score: 5.3
Exploiting
Class: Input validation
CWE: CWE-20
Physical: No
Local: No
Remote: Yes
Status: Not defined
Nessus ID: 108738
Nessus Name: FreeBSD : node.js -- multiple vulnerabilities (5a9bbb6e-32d3-11e8-a769-6daaba161086)
OpenVAS ID: 861558
OpenVAS Name: Fedora Update for nodejs FEDORA-2018-ecf73042e3
Countermeasures
Recommended: Upgrade
Timeline
02/15/2018
03/21/2018
03/28/2018
03/30/2018
05/17/2018
05/17/2018
05/17/2018
03/14/2023
Sources
Advisory: RHSA-2019:2258
Status: Confirmed
CVE: CVE-2018-7159
GCVE (CVE): GCVE-0-2018-7159
GCVE (VulDB): GCVE-100-117891
Entry
Created: 05/17/2018 22:23
Updated: 03/14/2023 08:11
Changes: 05/17/2018 22:23 (72), 02/06/2020 11:49 (5), 03/14/2023 08:11 (4)