Tuesday, August 4, 2020

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js http-proxy module denial of service

Aug 4, 2020 8:00 pm EDT

Categorized: High Severity


The Node.js http-proxy module is vulnerable to a denial of service. By sending a specially crafted HTTP request with an overly long body, a remote attacker could exploit this vulnerability to trigger an ERR_HTTP_HEADERS_SENT unhandled exception and crash the server.

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
Asset Repository in IBM Cloud Pak for Integration (CP4I) | 2.2.0 (CP4I 2019.3.2.2)
Asset Repository in IBM Cloud Pak for Integration (CP4I) | 4.0.0 (CP4I 2020.1.1)
Asset Repository in IBM Cloud Pak for Integration (CP4I) | 2020.2.1-0 (CP4I 2020.2.1)

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6255986



from IBM Product Security Incident Response Team https://ift.tt/3guTgX2
