Bug 1346910 (CVE-2016-5325)
Summary: | CVE-2016-5325 nodejs: reason argument in ServerResponse#writeHead() not properly validated | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | abaron, abhgupta, apevec, avibelli, ayoung, bleanhar, cbuissar, ccoleman, chrisw, cvsbot-xmlrpc, dmcphers, gsterlin, hhorak, jbalunas, jialiu, jjoyce, jkeck, jokerman, jorton, jschluet, jshepherd, kbasil, lhh, lmeyer, lpeer, markmc, mmccomas, mrunge, nodejs-sig, piotr1212, rrajasek, sardella, sclewis, sgallagh, srevivo, tchollingsworth, tdawson, tdecacqu, thrcka, tiwillia, tkirby, zsvetlik |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | nodejs 6.7.0, nodejs 4.6.0, nodejs 0.12.16, nodejs 0.10.47 | Doc Type: | If docs needed, set a value |
Doc Text: |
It was found that the reason argument in ServerResponse#writeHead() was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 02:54:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1346912, 1346913, 1346914, 1382889, 1392914, 1392915, 1399557, 1399558, 1425562, 1470256, 1470257, 1470258, 1470259 | ||
Bug Blocks: | 1346916, 1394602 |
Description
Adam Mariš
2016-06-15 15:51:23 UTC
Created nodejs tracking bugs for this issue: Affects: fedora-all [bug 1346913] Affects: epel-all [bug 1346914] This issue is now public via September 2016 security releases: CVE-2016-5325: reason argument in ServerResponse#writeHead() not properly validated This is a low severity security defect that that may make HTTP response splitting possible under certain circumstances. If user-input is passed to the reason argument to writeHead() on an HTTP response, a new-line character may be used to inject additional responses. The fix for this defect introduces a new case where throw may occur when configuring HTTP responses. Users should already be adopting try/catch here. This was originally reported independently by Evan Lucas and Romain Gaucher. All versions of Node.js are affected. External References: https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ Upstream commit: 0.10.x https://github.com/nodejs/node/commit/3614a173d0a0827bb9f7a1aa65bf9ccc9c7d6784 4.x https://github.com/nodejs/node/commit/b5c57ff772aff6cdee79206a2d53da6c638cbd13 Additional details: CVE-2016-5325: reason argument in ServerResponse#writeHead() not properly validated This is a low severity security defect that that may make HTTP response splitting possible under certain circumstances. If user-input is passed to the reason argument to writeHead() on an HTTP response, a new-line character may be used to inject additional responses. The fix for this defect introduces a new case where throw may occur when configuring HTTP responses. Users should already be adopting try/catch here. This was originally reported independently by Evan Lucas and Romain Gaucher. All versions of Node.js are affected. https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.3 Red Hat OpenShift Enterprise 3.2 Red Hat OpenShift Enterprise 3.1 Via RHSA-2016:2101 https://access.redhat.com/errata/RHSA-2016:2101 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Via RHSA-2017:0002 https://rhn.redhat.com/errata/RHSA-2017-0002.html |