CVE-2019-15606
nodejs: HTTP header values do not have trailing optional whitespace trimmed
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
Una inclusión de espacios en blanco finales en los valores de encabezado HTTP en Nodejs versiones 10, 12 y 13, causa una omisión de autorización según las comparaciones de valores de encabezado.
A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-08-26 CVE Reserved
- 2020-02-07 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 EPSS Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-138: Improper Neutralization of Special Elements
CAPEC
References (18)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20200221-0004 | Third Party Advisory |
|
| https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpuapr2020.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://hackerone.com/reports/730779 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html | 2024-03-07 | |
| https://access.redhat.com/errata/RHSA-2020:0573 | 2024-03-07 | |
| https://access.redhat.com/errata/RHSA-2020:0579 | 2024-03-07 | |
| https://access.redhat.com/errata/RHSA-2020:0597 | 2024-03-07 | |
| https://access.redhat.com/errata/RHSA-2020:0598 | 2024-03-07 | |
| https://access.redhat.com/errata/RHSA-2020:0602 | 2024-03-07 | |
| https://nodejs.org/en/blog/release/v10.19.0 | 2024-03-07 | |
| https://nodejs.org/en/blog/release/v12.15.0 | 2024-03-07 | |
| https://nodejs.org/en/blog/release/v13.8.0 | 2024-03-07 | |
| https://nodejs.org/en/blog/vulnerability/february-2020-security-releases | 2024-03-07 | |
| https://security.gentoo.org/glsa/202003-48 | 2024-03-07 | |
| https://www.debian.org/security/2020/dsa-4669 | 2024-03-07 | |
| https://access.redhat.com/security/cve/CVE-2019-15606 | 2020-02-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1800366 | 2020-02-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 10.0.0 < 10.19.0 Search vendor "Nodejs" for product "Node.js" and version " >= 10.0.0 < 10.19.0" | lts |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 12.0.0 < 12.15.0 Search vendor "Nodejs" for product "Node.js" and version " >= 12.0.0 < 12.15.0" | lts |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 13.0.0 < 13.8.0 Search vendor "Nodejs" for product "Node.js" and version " >= 13.0.0 < 13.8.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Function Cloud Native Environment Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" | 1.4.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" and version "1.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Graalvm Search vendor "Oracle" for product "Graalvm" | 19.3.1 Search vendor "Oracle" for product "Graalvm" and version "19.3.1" | enterprise |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Graalvm Search vendor "Oracle" for product "Graalvm" | 20.0.0 Search vendor "Oracle" for product "Graalvm" and version "20.0.0" | enterprise |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.1 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||