{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-25T00:00:00", "descriptions": [{"lang": "en", "value": "Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "IV79524", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524"}, {"name": "78207", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/78207"}, {"name": "openSUSE-SU-2016:0138", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972419"}, {"name": "GLSA-201612-43", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201612-43"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8027", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IV79524", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524"}, {"name": "78207", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78207"}, {"name": "openSUSE-SU-2016:0138", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html"}, {"name": "https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/"}, {"name": "https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972419", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972419"}, {"name": "GLSA-201612-43", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-43"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:06:31.544Z"}, "title": "CVE Program Container", "references": [{"name": "IV79524", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524"}, {"name": "78207", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/78207"}, {"name": "openSUSE-SU-2016:0138", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972419"}, {"name": "GLSA-201612-43", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201612-43"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8027", "datePublished": "2016-01-02T21:00:00", "dateReserved": "2015-10-29T00:00:00", "dateUpdated": "2024-08-06T08:06:31.544Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC9002F9-87C4-4C7F-9BD9-430EB15CD4BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "21EF734D-9E6B-4E01-9AFE-C0B847D583A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "12606C39-6F39-4DDF-9B36-A160875B265F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "EC4D8789-33C3-498A-857D-CC6576732C31", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "466E8851-6BE7-4716-AB16-3E985411C35C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5C4DB21-F35A-4567-8B04-85DB3089CDF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA7E7436-117A-4F79-BA7A-2A0059BB9694", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "037511C2-3FA9-4A4C-996B-A1462C221DA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "65EEB1B9-2E75-46F4-B70C-94991D38B427", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0740684D-989A-4957-8AC1-AAB01A04E393", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08C97202-6AEC-4B8D-B3F6-49F6AEF9CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7EFA073A-9AC2-4162-9DDA-B6CD0AE53D3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "64F7E56E-CA65-47C3-9ADA-F13A834D3961", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "183A5888-01C5-4977-9C66-1467FFA6D457", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request."}, {"lang": "es", "value": "Node.js 0.12.x en versiones anteriores a 0.12.9, 4.x en versiones anteriores a 4.2.3 y 5.x en versiones anteriores a 5.1.1 no asegura la disponibilidad de un analizador para cada socket HTTP, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (uncaughtException e interrupci\u00f3n de servicio) a trav\u00e9s de una petici\u00f3n HTTP con pipelining."}], "id": "CVE-2015-8027", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-02T21:59:17.830", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972419"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/78207"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-43"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972419"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/78207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201612-43"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "nodejs: unspecified denial of service vulnerability", "id": "1285771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285771"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request."], "name": "CVE-2015-8027", "package_state": [{"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:openstack-optools:7", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "nodejs010-nodejs", "product_name": "Red Hat Software Collections"}], "public_date": "2015-11-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8027\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8027\nhttps://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/"], "statement": "This issue did not affect the versions of nodejs as shipped with Red Hat Enterprise Software Collections version 2, Red Hat OpenStack Platform and Red Hat Openshift Enterprise and Openshift Online as they do not include the vulnerable version of nodejs.", "threat_severity": "Moderate"}