1800366 – (CVE-2019-15606) CVE-2019-15606 nodejs: HTTP header values do not have trailing optional whitespace trimmed

Bug 1800366 (CVE-2019-15606) - CVE-2019-15606 nodejs: HTTP header values do not have trailing optional whitespace trimmed

Summary: CVE-2019-15606 nodejs: HTTP header values do not have trailing optional white...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-15606
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1800385 1800387 1800389 1800391 1800393 1800395 1800397 1800399 1800401 1800403
Blocks:	1800362
TreeView+	depends on / blocked

Reported:	2020-02-07 00:21 UTC by Jason Shepherd
Modified:	2021-02-16 20:39 UTC (History)
CC List:	13 users (show)
Fixed In Version:	nodejs 10.19.0, nodejs 12.15.0, nodejs 13.8.0
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.
Clone Of:
Environment:
Last Closed:	2020-02-24 15:49:49 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:0611	None	None	None	2020-02-26 11:52:38 UTC
Red Hat Product Errata	RHBA-2020:0612	None	None	None	2020-02-26 12:02:13 UTC
Red Hat Product Errata	RHBA-2020:0618	None	None	None	2020-02-26 15:00:45 UTC
Red Hat Product Errata	RHBA-2020:0626	None	None	None	2020-02-27 08:31:19 UTC
Red Hat Product Errata	RHBA-2020:0636	None	None	None	2020-02-27 15:53:25 UTC
Red Hat Product Errata	RHBA-2020:0646	None	None	None	2020-03-02 08:04:16 UTC
Red Hat Product Errata	RHBA-2020:0647	None	None	None	2020-03-02 08:01:55 UTC
Red Hat Product Errata	RHBA-2020:0648	None	None	None	2020-03-02 08:08:19 UTC
Red Hat Product Errata	RHBA-2020:0650	None	None	None	2020-03-02 10:20:42 UTC
Red Hat Product Errata	RHSA-2020:0573	None	None	None	2020-02-24 12:54:05 UTC
Red Hat Product Errata	RHSA-2020:0579	None	None	None	2020-02-25 08:36:33 UTC
Red Hat Product Errata	RHSA-2020:0597	None	None	None	2020-02-25 13:04:41 UTC
Red Hat Product Errata	RHSA-2020:0598	None	None	None	2020-02-25 13:39:27 UTC
Red Hat Product Errata	RHSA-2020:0602	None	None	None	2020-02-25 15:53:22 UTC

Description Jason Shepherd 2020-02-07 00:21:00 UTC

Optional whitespace should be trimmed from HTTP header values. Its presence may allow attackers to bypass security checks based on HTTP header values.

Comment 3 Tomas Hoger 2020-02-13 20:39:16 UTC

External References:

https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/

Comment 4 Tomas Hoger 2020-02-13 20:40:59 UTC

Upstream commit:
https://github.com/nodejs/node/commit/25b6897e8a

HackerOne report (currently not public):
https://hackerone.com/reports/730779

Fixed upstream in 10.19.0, 12.15.0, and 13.8.0:
https://nodejs.org/en/blog/release/v10.19.0/
https://nodejs.org/en/blog/release/v12.15.0/
https://nodejs.org/en/blog/release/v13.8.0/

Comment 5 errata-xmlrpc 2020-02-24 12:54:01 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0573 https://access.redhat.com/errata/RHSA-2020:0573

Comment 6 Product Security DevOps Team 2020-02-24 15:49:49 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-15606

Comment 7 errata-xmlrpc 2020-02-25 08:36:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0579

Comment 8 errata-xmlrpc 2020-02-25 13:04:39 UTC

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0597

Comment 9 errata-xmlrpc 2020-02-25 13:39:25 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0598 https://access.redhat.com/errata/RHSA-2020:0598

Comment 10 errata-xmlrpc 2020-02-25 15:53:20 UTC

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2020:0602 https://access.redhat.com/errata/RHSA-2020:0602

Note You need to log in before you can comment on or make changes to this bug.