Vulnerability Details CVE-2017-16013
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2017-16013
-
cpe:2.3:a:hapijs:hapi:15.0.0
-
cpe:2.3:a:hapijs:hapi:15.0.1
-
cpe:2.3:a:hapijs:hapi:15.0.2
-
cpe:2.3:a:hapijs:hapi:15.0.3
-
cpe:2.3:a:hapijs:hapi:15.1.0
-
cpe:2.3:a:hapijs:hapi:15.1.1
-
cpe:2.3:a:hapijs:hapi:15.2.0
-
cpe:2.3:a:hapijs:hapi:16.0.0
-
cpe:2.3:a:hapijs:hapi:16.0.1
-
cpe:2.3:a:hapijs:hapi:16.0.2
-
cpe:2.3:a:hapijs:hapi:16.0.3
-
cpe:2.3:a:hapijs:hapi:16.1.0