oss-sec mailing list archives

Re: CVE for nodejs hawk


From: cve-assign () mitre org
Date: Sat, 20 Feb 2016 10:23:04 -0500 (EST)


Does Mitre know about this?

Thank you for this report. The MITRE CVE team had not previously been
informed of that vulnerability. As mentioned in the
http://www.openwall.com/lists/oss-security/2016/01/12/2 post,
"CVE-PENDING" does not imply an earlier request.

https://nodesecurity.io/advisories/77
Regular Expression Denial of Service

https://github.com/hueniverse/hawk/issues/168
Long headers or uris can cause minor DoS

https://github.com/hueniverse/hawk/commit/0833f99ba64558525995a7e21d4093da1f3e15fa
// Limit the length of uris and headers to avoid a DoS attack on string matching

Use CVE-2016-2515.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

