CVE-2015-8027

moderate-risk
Published 2016-01-02

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.

Do I need to act?

~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (14)

Affected Vendors

Nodejs

References (14)

http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21972419
http://www.securityfocus.com/bid/78207
Vendor Advisory https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
Vendor Advisory https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/
https://security.gentoo.org/glsa/201612-43
http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21972419
http://www.securityfocus.com/bid/78207
Vendor Advisory https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
Vendor Advisory https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/
https://security.gentoo.org/glsa/201612-43
48
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 4/34 · Minimal
Exposure 18/34 · Moderate