CVE-2013-4450
CVE-2013-4450, security advisory, novell, suse linux, suse, security, cve

CVE-2013-4450

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-4450 at MITRE

Description

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.96
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

This issue is currently rated as having low severity.

SUSE Bugzilla entry: 846808 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • nodejs >= 0.8.12-3.4.1
  • nodejs-debuginfo >= 0.8.12-3.4.1
  • nodejs-debugsource >= 0.8.12-3.4.1
  • nodejs-devel >= 0.8.12-3.4.1
Patchnames:
openSUSE-2013-965
openSUSE 13.1
  • nodejs >= 0.10.5-3.4.1
  • nodejs-debuginfo >= 0.10.5-3.4.1
  • nodejs-debugsource >= 0.10.5-3.4.1
  • nodejs-devel >= 0.10.5-3.4.1
Patchnames:
openSUSE-2013-965


The following information is the current evaluation information for this security issue. It might neither be accurate nor complete, Use at own risk.
Package/Codestreams planned to be updated:
nodejs: sle-studioonsite-1.3