Vulnerabilities > CVE-2015-8027 - Code vulnerability in Nodejs Node.Js

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
nodejs
CWE-17
nessus

Summary

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201612-43.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201612-43 (Node.js: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition, or conduct man-in-the-middle attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id95817
    published2016-12-14
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95817
    titleGLSA-201612-43 : Node.js: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201612-43.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95817);
      script_version("$Revision: 2.1 $");
      script_cvs_date("$Date: 2016/12/14 20:45:48 $");
    
      script_cve_id("CVE-2015-8027", "CVE-2016-2086", "CVE-2016-2216", "CVE-2016-5325");
      script_xref(name:"GLSA", value:"201612-43");
    
      script_name(english:"GLSA-201612-43 : Node.js: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201612-43
    (Node.js: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Node.js. Please review
          the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could possibly cause a Denial of Service condition, or
          conduct man-in-the-middle attacks.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201612-43"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Node.js 0.12.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-libs/nodejs-0.12.17'
        All Node.js 4.6.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-libs/nodejs-4.6.1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nodejs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-libs/nodejs", unaffected:make_list("rge 0.12.17", "ge 4.6.1"), vulnerable:make_list("lt 4.6.1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Node.js");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_XCODE_81.NASL
    descriptionThe version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 8.1. It is, therefore, affected by multiple remote code execution vulnerabilities in the Node.js component of the Xcode Server. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code.
    last seen2020-05-06
    modified2016-11-17
    plugin id94935
    published2016-11-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94935
    titleApple Xcode < 8.1 Node.js Multiple RCE (macOS)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(94935);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/05");
    
      script_cve_id(
        "CVE-2015-3193",
        "CVE-2015-3194",
        "CVE-2015-6764",
        "CVE-2015-8027",
        "CVE-2016-0702",
        "CVE-2016-0705",
        "CVE-2016-0797",
        "CVE-2016-1669",
        "CVE-2016-2086",
        "CVE-2016-2216"
      );
      script_bugtraq_id(
        78207,
        78209,
        78623,
        83141,
        83282,
        83754,
        83763,
        90584
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2016-10-27-1");
    
      script_name(english:"Apple Xcode < 8.1 Node.js Multiple RCE (macOS)");
    
      script_set_attribute(attribute:"synopsis", value:
    "An IDE application installed on the remote macOS or Mac OS X host is affected by multiple remote code execution
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 8.1. It is, therefore, affected
    by multiple remote code execution vulnerabilities in the Node.js component of the Xcode Server. An unauthenticated,
    remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary
    code.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207268");
      # http://lists.apple.com/archives/security-announce/2016/Oct/msg00005.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a0f77052");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple Xcode version 8.1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0705");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:xcode");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_xcode_installed.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Apple Xcode");
    
      exit(0);
    }
    
    include('vcf.inc');
    
    get_kb_item_or_exit('Host/local_checks_enabled');
    
    os = get_kb_item('Host/MacOSX/Version');
    if (empty_or_null(os))
      audit(AUDIT_OS_NOT, 'macOS or Mac OS X');
    
    app_info = vcf::get_app_info(app:'Apple Xcode');
    
    vcf::check_granularity(app_info:app_info, sig_segments:2);
    
    constraints = [
      { 'fixed_version' : '8.1' }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-46.NASL
    descriptionThis update contains nodejs 4.2.4 and fixes the following issues : - CVE-2015-6764: unspecified out-of-bounds access vulnerability (boo#956902) - CVE-2015-8027: unspecified denial of service vulnerability (boo#956901) The following non-security bugs were fixed : - boo#948045: Nodejs 4.0 rpm does not install addon-rpm.gypi - boo#961254: common.gypi should install at /usr/share/node and npm requires nodejs-devel Also contains all upstream bug fixes and improvements in the 4.2.2, 4.2.3 and 4.2.4 releases.
    last seen2020-06-05
    modified2016-01-25
    plugin id88130
    published2016-01-25
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88130
    titleopenSUSE Security Update : nodejs (openSUSE-2016-46)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-46.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(88130);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-6764", "CVE-2015-8027");
    
      script_name(english:"openSUSE Security Update : nodejs (openSUSE-2016-46)");
      script_summary(english:"Check for the openSUSE-2016-46 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update contains nodejs 4.2.4 and fixes the following issues :
    
      - CVE-2015-6764: unspecified out-of-bounds access
        vulnerability (boo#956902)
    
      - CVE-2015-8027: unspecified denial of service
        vulnerability (boo#956901)
    
    The following non-security bugs were fixed :
    
      - boo#948045: Nodejs 4.0 rpm does not install
        addon-rpm.gypi
    
      - boo#961254: common.gypi should install at
        /usr/share/node and npm requires nodejs-devel
    
    Also contains all upstream bug fixes and improvements in the 4.2.2,
    4.2.3 and 4.2.4 releases."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=948045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=956901"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=956902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=961254"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected nodejs packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:npm");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2 / 42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"nodejs-4.2.4-9.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"nodejs-debuginfo-4.2.4-9.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"nodejs-debugsource-4.2.4-9.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"nodejs-devel-4.2.4-9.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"nodejs-4.2.4-9.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"nodejs-debuginfo-4.2.4-9.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"nodejs-debugsource-4.2.4-9.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"nodejs-devel-4.2.4-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"nodejs-4.2.4-15.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"nodejs-debuginfo-4.2.4-15.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"nodejs-debugsource-4.2.4-15.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"nodejs-devel-4.2.4-15.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"npm-4.2.4-15.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs / nodejs-debuginfo / nodejs-debugsource / nodejs-devel / npm");
    }