CVE-2018-12122
First published: Wed Nov 28 2018(Updated: )
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
Credit: cve-request@iojs.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/nodejs | <6.15.1 | 6.15.1 |
| redhat/nodejs | <8.14.0 | 8.14.0 |
| redhat/nodejs | <10.14.0 | 10.14.0 |
| redhat/nodejs | <11.3.0 | 11.3.0 |
| Nodejs Node.js | >=6.0.0<6.15.1 | |
| Nodejs Node.js | >=8.0.0<8.14.0 | |
| Nodejs Node.js | >=10.0.0<10.14.0 | |
| Nodejs Node.js | >=11.0.0<11.3.0 | |
| Suse Suse Enterprise Storage | =4 | |
| SUSE SUSE Linux Enterprise Server | =12 | |
| SUSE SUSE Linux Enterprise Server | =15 | |
| Suse Suse Openstack Cloud | =7 | |
| Suse Suse Openstack Cloud | =8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1661007
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1661006
- https://github.com/nodejs/node/commit/ee618a7ab239c98d945c723a4e225bc409151736
- https://github.com/nodejs/node/commit/eb43bc04b1390ce2506144b46d081e63f7a7d5b7
- https://github.com/nodejs/node/commit/696f063c5e9157fd10859515da00fd8bd190d76d
- https://github.com/nodejs/node/commit/618eebdd175b598a06bbc4d3d1efeb85e3fa1429
- https://github.com/nodejs/node/commit/5d9005c35963c3fefc93b607dff75c1471e819d7
- https://access.redhat.com/errata/RHSA-2019:1821
- https://access.redhat.com/security/cve/cve-2018-12122
- https://access.redhat.com/errata/RHSA-2019:2939
- https://bugzilla.redhat.com/show_bug.cgi?id=1661005
- http://www.securityfocus.com/bid/106043
- https://security.gentoo.org/glsa/202003-48
Frequently Asked Questions
What is the vulnerability ID of this Node.js vulnerability?
The vulnerability ID of this Node.js vulnerability is CVE-2018-12122.
What is the title of this Node.js vulnerability?
The title of this Node.js vulnerability is 'Slowloris HTTP Denial of Service.'
What is the severity of CVE-2018-12122?
CVE-2018-12122 has a severity rating of high (7.5).
How does this vulnerability affect Node.js?
This vulnerability affects all versions of Node.js prior to 6.15.0, 8.14.0, 10.14.0, and 11.3.0.
How can I fix the CVE-2018-12122 vulnerability?
To fix the CVE-2018-12122 vulnerability, you should update Node.js to version 6.15.1, 8.14.0, 10.14.0, or 11.3.0 depending on your version.
- agent/type
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-12122
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/nodejs
- canonical/nodejs node.js
- version/nodejs node.js/6.0.0
- version/nodejs node.js/8.0.0
- version/nodejs node.js/10.0.0
- version/nodejs node.js/11.0.0
- vendor/suse
- canonical/suse suse enterprise storage
- version/suse suse enterprise storage/4
- canonical/suse suse linux enterprise server
- version/suse suse linux enterprise server/12
- version/suse suse linux enterprise server/15
- canonical/suse suse openstack cloud
- version/suse suse openstack cloud/7
- version/suse suse openstack cloud/8