CVE-2016-1000232

nodejs-tough-cookie: regular expression DoS via Cookie header with many semicolons

Severity Score

5.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.

NodeJS Tough-Cookie 2.2.2 contiene una vulnerabilidad de análisis de expresiones regulares en el análisis de la cabecera de cookie de petición HTTP que puede resultar en una denegación de servicio (DoS). Este ataque parece ser explotable mediante una cabecera HTTP personalizada pasada por el cliente. La vulnerabilidad parece haber sido solucionada en la versión 2.3.0.

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse an HTTP header with many semicolons could cause the application to consume an excessive amount of CPU.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-10-27 CVE Published
2016-10-28 CVE Reserved
2024-04-24 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-400: Uncontrolled Resource Consumption

CAPEC

References (9)

URL	Tag	Source
https://access.redhat.com/security/cve/cve-2016-1000232	Third Party Advisory
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232	Third Party Advisory
https://www.npmjs.com/advisories/130	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae	2018-10-31
https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534	2018-10-31

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2016:2101	2018-10-31
https://access.redhat.com/errata/RHSA-2017:2912	2018-10-31
https://access.redhat.com/security/cve/CVE-2016-1000232	2017-10-18
https://bugzilla.redhat.com/show_bug.cgi?id=1359818	2017-10-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Salesforce Search vendor "Salesforce"		Tough-cookie Search vendor "Salesforce" for product "Tough-cookie"				>= 0.9.7 <= 2.2.2 Search vendor "Salesforce" for product "Tough-cookie" and version " >= 0.9.7 <= 2.2.2"		node.js		Affected
Ibm Search vendor "Ibm"		Api Connect Search vendor "Ibm" for product "Api Connect"				>= 5.0.6.0 <= 5.0.6.5 Search vendor "Ibm" for product "Api Connect" and version " >= 5.0.6.0 <= 5.0.6.5"		-		Affected
Ibm Search vendor "Ibm"		Api Connect Search vendor "Ibm" for product "Api Connect"				>= 5.0.7.0 <= 5.0.7.2 Search vendor "Ibm" for product "Api Connect" and version " >= 5.0.7.0 <= 5.0.7.2"		-		Affected
Ibm Search vendor "Ibm"		Api Connect Search vendor "Ibm" for product "Api Connect"				5.0.8.0 Search vendor "Ibm" for product "Api Connect" and version "5.0.8.0"		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				3.1 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.1"		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				3.2 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.2"		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				3.3 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.3"		-		Affected