oss-sec mailing list archives
Re: CVE for nodejs hawk
From: cve-assign () mitre org
Date: Sat, 20 Feb 2016 10:23:04 -0500 (EST)
Does Mitre know about this?
Thank you for this report. The MITRE CVE team had not previously been informed of that vulnerability. As mentioned in the http://www.openwall.com/lists/oss-security/2016/01/12/2 post, "CVE-PENDING" does not imply an earlier request.
https://nodesecurity.io/advisories/77 Regular Expression Denial of Service
https://github.com/hueniverse/hawk/issues/168 Long headers or uris can cause minor DoS
https://github.com/hueniverse/hawk/commit/0833f99ba64558525995a7e21d4093da1f3e15fa // Limit the length of uris and headers to avoid a DoS attack on string matching
Use CVE-2016-2515.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE for nodejs hawk Kurt Seifried (Feb 19)
- Re: CVE for nodejs hawk cve-assign (Feb 20)