CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
80.9%
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and
0.7 before 0.7.8 does not properly check the length of a string, which
allows remote attackers to obtain sensitive information (request header
contents) and possibly spoof HTTP headers via a zero length string.