CVE-2012-2330
published 2012-08-13CVE-2012-2330: The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote…
medium6.4CVSS 3.1
AVNACLAuNCPIPAN
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nodejs | < nodejs 0.6.17~dfsg1-1 (bookworm) | nodejs 0.6.17~dfsg1-1 (bookworm) |
| nodejs | nodejs | <= 0.6.16 | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | — | — |
| nodejs | nodejs | >= 0 < 0.6.17~dfsg1-1 | 0.6.17~dfsg1-1 |
| nodejs | nodejs | >= 0 < 0.6.17~dfsg1-1 | 0.6.17~dfsg1-1 |
| nodejs | nodejs | >= 0 < 0.6.17~dfsg1-1 | 0.6.17~dfsg1-1 |
| nodejs | nodejs | >= 0 < 0.6.17~dfsg1-1 | 0.6.17~dfsg1-1 |
CVSS provenance
nvd6.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
osv6.4MEDIUM