Bug 1346910 (CVE-2016-5325) - CVE-2016-5325 nodejs: reason argument in ServerResponse#writeHead() not properly validated
Summary: CVE-2016-5325 nodejs: reason argument in ServerResponse#writeHead() not prope...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-5325
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20160613,reported=2...
Depends On: 1346912 1346913 1346914 1382889 1392914 1392915 1399557 1399558 1425562 1470256 1470257 1470258 1470259
Blocks: 1346916 1394602
TreeView+ depends on / blocked
 
Reported: 2016-06-15 15:51 UTC by Adam Mariš
Modified: 2019-07-24 14:34 UTC (History)
43 users (show)

Fixed In Version: nodejs 6.7.0, nodejs 4.6.0, nodejs 0.12.16, nodejs 0.10.47
Doc Type: If docs needed, set a value
Doc Text:
It was found that the reason argument in ServerResponse#writeHead() was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:54:57 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2101 normal SHIPPED_LIVE Moderate: nodejs and nodejs-tough-cookie security, bug fix, and enhancement update 2016-10-27 20:41:39 UTC
Red Hat Product Errata RHSA-2017:0002 normal SHIPPED_LIVE Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update 2017-01-02 20:55:58 UTC

Description Adam Mariš 2016-06-15 15:51:23 UTC
An unspecified low-severity Node.js HTTP processing vulnerability was found and
will be fixed in latest update. Details are currently embargoed until new
releases are available.

https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/

Comment 2 Adam Mariš 2016-06-15 15:53:08 UTC
Created nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1346913]
Affects: epel-all [bug 1346914]

Comment 3 Tomas Hoger 2016-09-28 12:25:08 UTC
This issue is now public via September 2016 security releases:

CVE-2016-5325: reason argument in ServerResponse#writeHead() not properly validated

This is a low severity security defect that that may make HTTP response splitting possible under certain circumstances. If user-input is passed to the reason argument to writeHead() on an HTTP response, a new-line character may be used to inject additional responses.

The fix for this defect introduces a new case where throw may occur when configuring HTTP responses. Users should already be adopting try/catch here.

This was originally reported independently by Evan Lucas and Romain Gaucher.

All versions of Node.js are affected.

External References:

https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

Comment 6 Kurt Seifried 2016-10-26 17:18:30 UTC
Additional details:

CVE-2016-5325: reason argument in ServerResponse#writeHead() not properly validated

This is a low severity security defect that that may make HTTP response splitting possible under certain circumstances. If user-input is passed to the reason argument to writeHead() on an HTTP response, a new-line character may be used to inject additional responses.

The fix for this defect introduces a new case where throw may occur when configuring HTTP responses. Users should already be adopting try/catch here.

This was originally reported independently by Evan Lucas and Romain Gaucher.

All versions of Node.js are affected.

https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

Comment 7 errata-xmlrpc 2016-10-27 16:42:10 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 3.3
  Red Hat OpenShift Enterprise 3.2
  Red Hat OpenShift Enterprise 3.1

Via RHSA-2016:2101 https://access.redhat.com/errata/RHSA-2016:2101

Comment 10 errata-xmlrpc 2017-01-02 15:56:33 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2017:0002 https://rhn.redhat.com/errata/RHSA-2017-0002.html


Note You need to log in before you can comment on or make changes to this bug.