CPE-1E83DB62-B508-43D1-BE44-78A395629E9D Detail

CPE Details

Nodejs Node.js 6.15.1 LTS Edition

Vendor

nodejs

Product

node.js

Version

6.15.1

Created

2019-02-11
15h39 +00:00

Modified

2019-02-11
15h39 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:nodejs:node.js:6.15.1::::lts:::

Informations

Vendor

nodejs

Product

node.js

Version

6.15.1

Software Edition

lts

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2019-5739	2019-03-28 15h27 +00:00	Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.	7.5	High
CVE-2019-5737	2019-03-28 15h20 +00:00	In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.	7.5	High
CVE-2019-1559	2019-02-27 23h00 +00:00	If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).	5.9	Medium

Nodejs Node.js 6.15.1 LTS Edition

CPE Details

CPE Name: cpe:2.3:a:nodejs:node.js:6.15.1:*:*:*:lts:*:*:*

Informations

Vendor

Product

Version

Software Edition

Related CVE

CPE Name: cpe:2.3:a:nodejs:node.js:6.15.1::::lts:::