CVE-2017-15010
Date: (C)2017-10-04   (M)2023-12-22


A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.5
Exploit Score: 3.9
Impact Score: 3.6

CVSS V2 Severity:
CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Reference:
BID-101185
FEDORA-2019-76f1b57c1c
RHSA-2017:2912
RHSA-2017:2913
RHSA-2018:1263
RHSA-2018:1264
https://github.com/salesforce/tough-cookie/issues/92
https://nodesecurity.io/advisories/525
https://snyk.io/vuln/npm:tough-cookie:20170905

CWE    1
CWE-400
OVAL    3
oval:org.secpod.oval:def:504920
oval:org.secpod.oval:def:504830
oval:org.secpod.oval:def:116738

© SecPod Technologies