Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.0%
CVSS Severity
CVSS v2 Score 6.4
Products affected by CVE-2012-2330
  • Nodejs » Nodejs » Version: 0.6.16
    cpe:2.3:a:nodejs:nodejs:0.6.16
  • Nodejs » Nodejs » Version: 0.7.0
    cpe:2.3:a:nodejs:nodejs:0.7.0
  • Nodejs » Nodejs » Version: 0.7.1
    cpe:2.3:a:nodejs:nodejs:0.7.1
  • Nodejs » Nodejs » Version: 0.7.2
    cpe:2.3:a:nodejs:nodejs:0.7.2
  • Nodejs » Nodejs » Version: 0.7.3
    cpe:2.3:a:nodejs:nodejs:0.7.3
  • Nodejs » Nodejs » Version: 0.7.4
    cpe:2.3:a:nodejs:nodejs:0.7.4
  • Nodejs » Nodejs » Version: 0.7.5
    cpe:2.3:a:nodejs:nodejs:0.7.5
  • Nodejs » Nodejs » Version: 0.7.6
    cpe:2.3:a:nodejs:nodejs:0.7.6
  • Nodejs » Nodejs » Version: 0.7.7
    cpe:2.3:a:nodejs:nodejs:0.7.7


Products
Pricing
Contact Us

Shodan ® - All rights reserved