Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2018
CVE-2017-16137
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-06-07
CVE-2017-16138
The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-06-07
CVE-2017-16139
jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to files with .htm and .js extensions.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
CVE-2017-16140
lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
CVE-2017-16096
serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
CVE-2017-16097
tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
CVE-2017-16098
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is relatively low.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-07
CVE-2017-16099
The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-07
CVE-2017-16100
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.
CVSS Score
9.8
EPSS Score
0.056
Published
2018-06-07
CVE-2017-16101
serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved