It was found that Node.js HTTP server was vulnerable to a Slowloris type attack. An attacker could make long lived connections by sending bytes very slowly to the server, saturating its resource and possibly resulting in a denial of service.

Mitigation

The use of a Load Balancer or a Reverse Proxy will increase the difficulty of the attack.

References

bugzilla.redhat.com/show_bug.cgi?id=1661005

www.cve.org/CVERecord?id=CVE-2018-12122 https://nvd.nist.gov/vuln/detail/CVE-2018-12122

ubuntucve 1

attackerkb 1

prion 1

veracode 1

nvd 1

cbl_mariner 1

cvelist 1

cve 1

osv 2

alpinelinux 1

hackerone 1

debiancve 1

redhatcve 1

ibm 14

openvas 11

altlinux 1

f5 1

nessus 15

nodejsblog 2

suse 3

redhat 2

freebsd 1

ubuntu 1

photon 4

mageia 1

gentoo 1

ubuntucve

CVE-2018-12122

2018-11-28 00:00:00

attackerkb

CVE-2018-12122

2018-11-28 00:00:00

prion

Design/Logic Flaw

2018-11-28 17:29:00

veracode

Denial Of Service (DoS)

2018-11-30 05:44:46

nvd

CVE-2018-12122

2018-11-28 17:29:00

cbl_mariner

CVE-2018-12122 affecting package nodejs 8.11.4-7

2021-08-11 06:39:34

cvelist

CVE-2018-12122

2018-11-28 17:00:00

cve

CVE-2018-12122

2018-11-28 17:29:00

osv

CVE-2018-12122

2018-11-28 17:29:00

nodejs vulnerabilities

2021-03-15 21:18:37

alpinelinux

CVE-2018-12122

2018-11-28 17:29:00

hackerone

Node.js: Fix for CVE-2018-12122 can be bypassed via keep-alive requests

2018-12-01 10:03:22

debiancve

CVE-2018-12122

2018-11-28 17:29:00

redhatcve

CVE-2019-5737

2020-03-01 07:37:24

ibm

Security Bulletin: Multiple vulnerabilities in Node.js and OpenSSL affect IBM Watson Assistant on IBM Cloud Private

2019-04-11 21:25:01

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud Transformation Advisor

2022-12-05 19:00:57

Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway

2019-02-20 18:30:01

openvas

Node.js Multiple Vulnerabilities (Nov 2018) - Mac OS X

2018-11-29 00:00:00

Node.js Multiple Vulnerabilities (Nov 2018) - Windows

2018-11-29 00:00:00

SUSE: Security Advisory (SUSE-SU-2019:0118-1)

2021-06-09 00:00:00

altlinux

Security fix for the ALT Linux 10 package node version 10.14.1-alt1

2018-11-30 00:00:00

K000137090 : Node.js vulnerabilities CVE-2018-12121, CVE-2018-12122, and CVE-2018-12123

2023-10-02 00:00:00

nessus

F5 Networks BIG-IP : Node.js vulnerabilities (K000137090)

2023-10-02 00:00:00

Photon OS 2.0: Nodejs PHSA-2019-2.0-0190

2024-07-22 00:00:00

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:0118-1)

2019-01-22 00:00:00

nodejsblog

February 2019 Security Releases

2019-02-28 00:00:00

November 2018 Security Releases

2018-11-28 00:00:00

suse

Security update for nodejs8 (important)

2019-01-28 00:00:00

Security update for nodejs4 (important)

2019-01-25 00:00:00

Security update for nodejs6 (important)

2019-02-22 00:00:00

redhat

(RHSA-2019:1821) Important: rh-nodejs8-nodejs security update

2019-07-22 13:09:06

(RHSA-2019:2939) Important: rh-nodejs10-nodejs security update

2019-09-30 23:10:11

freebsd

node.js -- multiple vulnerabilities

2018-11-27 00:00:00

ubuntu

Node.js vulnerabilities

2021-03-15 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0257

2019-11-20 00:00:00

Critical Photon OS Security Update - PHSA-2019-0190

2019-11-20 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0190

2019-11-20 00:00:00

mageia

Updated nodejs packages fix security vulnerabilities

2019-09-15 16:24:16

gentoo

Node.js: Multiple vulnerabilities

2020-03-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.006

Percentile

78.1%

JSON

Related for RH:CVE-2018-12122