Lucene search
Veracode Vulnerability DatabaseVERACODE:12204HistoryJan 15, 2019 - 9:13 a.m.
Regular Expression Denial Of Service (ReDoS) Via Long String Of Semicolons
2019-01-1509:13:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
EPSS
0.006
Percentile
79.2%
tough-cookie is vulnerable to regular expression denial-of-service (ReDoS) attack. A malicious user can pass a long string that contains many semicolons in the Set-Cookies header, causing a regular expression to take a large amount of time, causing a denial of service condition.
Related
openvas
openvas
Fedora Update for nodejs-tough-cookie FEDORA-2016-286a8ec5b0
2016-11-14 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: nodejs-tough-cookie-2.3.1-1.fc23
2016-10-01 04:23:52
nodejs
nodejs
ReDoS via long string of semicolons
2016-07-22 19:43:01
osv
osv
CVE-2016-1000232
2018-09-05 17:29:00
ReDoS via long string of semicolons in tough-cookie
2018-10-10 18:57:02
redhatcve
redhatcve
CVE-2016-1000232
2019-11-07 04:12:52
nessus
nessus
Fedora 23 : nodejs-tough-cookie (2016-286a8ec5b0)
2016-10-06 00:00:00
Fedora 24 : nodejs-tough-cookie (2016-c0fd203d6e)
2016-08-09 00:00:00
RHEL 6 / 7 : rh-nodejs4-nodejs-tough-cookie (RHSA-2017:2912)
2024-04-27 00:00:00
nvd
nvd
CVE-2016-1000232
2018-09-05 17:29:00
cvelist
cvelist
CVE-2016-1000232
2018-09-05 17:00:00
ibm
ibm
prion
prion
Design/Logic Flaw
2018-09-05 17:29:00
cve
cve
CVE-2016-1000232
2018-09-05 17:29:00
github
github
ReDoS via long string of semicolons in tough-cookie
2018-10-10 18:57:02
redhat
redhat