CVE-2013-4450
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
21/10/2013
Last modified:
11/04/2025
Description
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nodejs:nodejs:0.8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nodejs:nodejs:0.8.14:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
- http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00051.html
- http://rhn.redhat.com/errata/RHSA-2013-1842.html
- http://www.openwall.com/lists/oss-security/2013/10/20/1
- http://www.securityfocus.com/bid/63229
- https://github.com/joyent/node/issues/6214
- https://github.com/rapid7/metasploit-framework/pull/2548
- https://groups.google.com/forum/#%21topic/nodejs/NEbweYB0ei0
- https://kb.juniper.net/JSA10783
- http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
- http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00051.html
- http://rhn.redhat.com/errata/RHSA-2013-1842.html
- http://www.openwall.com/lists/oss-security/2013/10/20/1
- http://www.securityfocus.com/bid/63229
- https://github.com/joyent/node/issues/6214
- https://github.com/rapid7/metasploit-framework/pull/2548
- https://groups.google.com/forum/#%21topic/nodejs/NEbweYB0ei0
- https://kb.juniper.net/JSA10783