Security News

CVE-2017-16138

National Vulnerability Database - Wed, 06/06/2018 - 22:29
The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
Categories: Security News

CVE-2017-16139

National Vulnerability Database - Wed, 06/06/2018 - 22:29
jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Accessible files are restricted to files with .htm and .js extensions.

CVE-2017-16140

National Vulnerability Database - Wed, 06/06/2018 - 22:29
lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16096

National Vulnerability Database - Wed, 06/06/2018 - 22:29
serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16097

National Vulnerability Database - Wed, 06/06/2018 - 22:29
tiny-http is a simple HTTP server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16098

National Vulnerability Database - Wed, 06/06/2018 - 22:29
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slowdown of around 2 seconds. Unless Node was compiled using the -DHTTP_MAX_HEADER_SIZE= option, the default header max length is 80kb, so the impact of the ReDoS is relatively low.

CVE-2017-16099

National Vulnerability Database - Wed, 06/06/2018 - 22:29
The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case, it can block the event loop, causing a denial of service condition.

CVE-2017-16100

National Vulnerability Database - Wed, 06/06/2018 - 22:29
dns-sync is a sync/blocking DNS resolver. If untrusted user input is allowed into the resolve() method, then command injection is possible.

CVE-2017-16101

National Vulnerability Database - Wed, 06/06/2018 - 22:29
serverwg is a simple HTTP server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16102

National Vulnerability Database - Wed, 06/06/2018 - 22:29
serverhuwenhui is a simple HTTP server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16103

National Vulnerability Database - Wed, 06/06/2018 - 22:29
serveryztyzt is a simple HTTP server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16104

National Vulnerability Database - Wed, 06/06/2018 - 22:29
citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16105

National Vulnerability Database - Wed, 06/06/2018 - 22:29
serverwzl is a simple HTTP server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16106

National Vulnerability Database - Wed, 06/06/2018 - 22:29
tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16107

National Vulnerability Database - Wed, 06/06/2018 - 22:29
pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16108

National Vulnerability Database - Wed, 06/06/2018 - 22:29
gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16109

National Vulnerability Database - Wed, 06/06/2018 - 22:29
easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Access is constrained, however, to supported file types. Requesting a file such as /etc/passwd returns a "not supported" error.

CVE-2017-16110

National Vulnerability Database - Wed, 06/06/2018 - 22:29
weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16111

National Vulnerability Database - Wed, 06/06/2018 - 22:29
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.

CVE-2017-16113

National Vulnerability Database - Wed, 06/06/2018 - 22:29
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.
