CVE-2015-9241

UNKNOWN
Published 2018-05-29T20:00:00Z
No CVSS data available

Description

Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending an HTTP 500 error back to the sender, the hapi node module before 11.1.3 will continue to hold the socket open until it times out (the default node timeout is 2 minutes).

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

GitHub Security Advisories

✓ GitHub Reviewed HIGH

Denial of Service in hapi

GHSA-rc8h-3fv6-pxv8

Advisory Details

Versions of `hapi` prior to 11.1.3 are affected by a denial of service vulnerability. The vulnerability is triggered when certain input is passed into the If-Modified-Since or Last-Modified headers. This causes an 'illegal access' exception to be raised, and instead of sending an HTTP 500 error back to the sender, hapi will continue to hold the socket open until timed out (default node timeout is 2 minutes).

Recommendation

Update to v11.1.3 or later.
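The failure mode described above, as an added Node.js illustration (not hapi's code and not taken from the advisory): a handler that drops an exception leaves the response unanswered, while the hardened form always ends it with a 500 and the server bounds idle sockets. The names `checkNotModified`, `serve`, `weakHandler`, `hardenedHandler` and `createServer` are hypothetical, and the unparseable date is a constructed stand-in, since the advisory does not say which input raises the exception.

```javascript
// Added illustration; not hapi's code. All function names are hypothetical.
const http = require('http');

// Stand-in for conditional-request handling: throws on a header value it
// cannot process (the advisory does not say which inputs trigger the bug).
function checkNotModified(headers, lastModified) {
  const raw = headers['if-modified-since'];
  if (raw === undefined) return false;
  const since = Date.parse(raw);
  if (Number.isNaN(since)) throw new RangeError('unusable If-Modified-Since value');
  return lastModified.getTime() <= since;
}

function serve(req, res) {
  const lastModified = new Date('2015-11-01T00:00:00Z'); // constructed sample
  if (checkNotModified(req.headers, lastModified)) {
    res.statusCode = 304;
    return res.end();
  }
  res.statusCode = 200;
  res.setHeader('Last-Modified', lastModified.toUTCString());
  res.end('ok');
}

// Weak form: the exception is dropped and nothing is ever written, so the
// client's socket stays open until the server's idle timeout expires.
function weakHandler(req, res) {
  try { serve(req, res); } catch (err) { /* dropped, no response sent */ }
}

// Hardened form: every failure path ends the response with a 500.
function hardenedHandler(req, res) {
  try {
    serve(req, res);
  } catch (err) {
    if (!res.headersSent) res.statusCode = 500;
    res.end();
  }
}

// Bound the cost of any path that still forgets to respond: idle sockets
// are destroyed after idleMs (the advisory cites a 2 minute default).
function createServer(handler, idleMs = 10000) {
  const server = http.createServer(handler);
  server.setTimeout(idleMs);
  return server;
}
```
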

Affected Packages

Ecosystem: npm
Package: hapi
Affected versions: ≥0 <11.1.3

CVSS Scoring

CVSS Score

7.5

Advisory provided by GitHub Security Advisory Database. Published: June 7, 2018, Modified: August 31, 2020

References

Published: 2018-05-29T20:00:00Z
Last Modified: 2024-09-16T17:03:05.145Z