Lucene search
Veracode Vulnerability DatabaseVERACODE:12600HistoryJan 15, 2019 - 9:19 a.m.
Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies
2019-01-1509:19:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
EPSS
0.013
Percentile
85.8%
tough-cookie is vulnerable to regular expression denial of service (ReDoS) attack. The vulnerability exists because the COOKIE_PAIR regular expression used to parse the cookies causes unlimited repetitions when matching input characters. By using a large cookie string, attackers can make the process hang and cause a denial of service condition.
Related
ubuntucve
ubuntucve
CVE-2017-15010
2017-10-04 00:00:00
redhat
redhat
fedora
fedora
[SECURITY] Fedora 30 Update: nodejs-tough-cookie-2.3.4-1.fc30
2019-06-12 14:48:48
nodejs
nodejs
Regular Expression Denial of Service
2017-09-08 18:07:02
veracode
veracode
Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies
2017-09-06 06:29:35
osv
osv
CVE-2017-15010
2017-10-04 01:29:03
Regular Expression Denial of Service in tough-cookie
2018-07-24 20:14:39
nvd
nvd
CVE-2017-15010
2017-10-04 01:29:03
CVE-2017-16112
2020-01-27 13:15:10
cve
cve
CVE-2017-15010
2017-10-04 01:29:03
CVE-2017-16112
2020-01-27 13:15:10
nessus
nessus
Fedora 30 : nodejs-tough-cookie (2019-76f1b57c1c)
2019-06-13 00:00:00
RHEL 6 / 7 : rh-nodejs6-nodejs-tough-cookie (RHSA-2017:2913)
2024-04-27 00:00:00
RHEL 7 : Red Hat Mobile Application Platform 4.6.0 (RHSA-2018:1263)
2018-05-04 00:00:00
openvas
openvas
Fedora Update for nodejs-tough-cookie FEDORA-2019-76f1b57c1c
2019-06-13 00:00:00
debiancve
debiancve
CVE-2017-15010
2017-10-04 01:29:03
prion
prion
Design/Logic Flaw
2017-10-04 01:29:00
redhatcve
redhatcve
CVE-2017-15010
2017-10-03 15:49:16
cvelist
cvelist
CVE-2017-15010
2017-10-03 16:00:00
github
github
Regular Expression Denial of Service in tough-cookie
2018-07-24 20:14:39