Vulnerabilities > CVE-2019-15605 - HTTP Request Smuggling vulnerability in multiple products

Part	Description	Count
Application	Nodejs Nodejs Node.Js 12.0.0 Nodejs Node.Js 12.1.0 Nodejs Node.Js 12.2.0 Nodejs Node.Js 12.3.0 Nodejs Node.Js 12.3.1 Nodejs Node.Js 12.4.0 Nodejs Node.Js 12.5.0 Nodejs Node.Js 12.6.0 Nodejs Node.Js 12.7.0 Nodejs Node.Js 12.8.0 Nodejs Node.Js 12.8.1 Nodejs Node.Js 12.9.0 Nodejs Node.Js 12.9.1 Nodejs Node.Js 12.10.0 Nodejs Node.Js 12.11.0 Nodejs Node.Js 12.11.1 Nodejs Node.Js 12.12.0 Nodejs Node.Js 12.13.0 Nodejs Node.Js 12.13.1 Nodejs Node.Js 12.14.0 Nodejs Node.Js 12.14.1 Nodejs Node.Js 10.0.0 Nodejs Node.Js 10.1.0 Nodejs Node.Js 10.2.0 Nodejs Node.Js 10.2.1 Nodejs Node.Js 10.3.0 Nodejs Node.Js 10.4.0 Nodejs Node.Js 10.4.1 Nodejs Node.Js 10.5.0 Nodejs Node.Js 10.6.0 Nodejs Node.Js 10.7.0 Nodejs Node.Js 10.8.0 Nodejs Node.Js 10.9.0 Nodejs Node.Js 10.10.0 Nodejs Node.Js 10.11.0 Nodejs Node.Js 10.12.0 Nodejs Node.Js 10.13.0 Nodejs Node.Js 10.14.0 Nodejs Node.Js 10.14.1 Nodejs Node.Js 10.14.2 Nodejs Node.Js 10.15.0 Nodejs Node.Js 10.15.1 Nodejs Node.Js 10.15.2 Nodejs Node.Js 10.15.3 Nodejs Node.Js 10.16.0 Nodejs Node.Js 10.16.1 Nodejs Node.Js 10.16.2 Nodejs Node.Js 10.16.3 Nodejs Node.Js 10.17.0 Nodejs Node.Js 10.18.0 Nodejs Node.Js 10.18.1 Nodejs Node.Js 13.0.0 Nodejs Node.Js 13.0.1 Nodejs Node.Js 13.1.0 Nodejs Node.Js 13.2.0 Nodejs Node.Js 13.3.0 Nodejs Node.Js 13.4.0 Nodejs Node.Js 13.5.0 Nodejs Node.Js 13.6.0 Nodejs Node.Js 13.7.0	60
Application	Redhat Redhat Software Collections 1.0	1
Application	Oracle Oracle Graalvm 20.0.0 Oracle Graalvm 19.3.1	2
OS	Debian Debian Debian Linux 10.0	1
OS	Fedoraproject Fedoraproject Fedora 30	1
OS	Opensuse Opensuse Leap 15.1	1
OS	Redhat Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux Server AUS 7.7 Redhat Enterprise Linux Server AUS 8.2 Redhat Enterprise Linux Server AUS 8.4 Redhat Enterprise Linux Server AUS 8.6 Redhat Enterprise Linux Server TUS 7.7 Redhat Enterprise Linux Server TUS 8.2 Redhat Enterprise Linux Server TUS 8.4 Redhat Enterprise Linux Server TUS 8.6 Redhat Enterprise Linux EUS 7.7 Redhat Enterprise Linux EUS 8.1 Redhat Enterprise Linux EUS 8.2 Redhat Enterprise Linux EUS 8.4 Redhat Enterprise Linux EUS 8.6	17

Common Weakness Enumeration (CWE)

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Common Attack Pattern Enumeration and Classification (CAPEC)

HTTP Request Splitting
HTTP Request Splitting (also known as HTTP Request Smuggling) is an attack pattern where an attacker attempts to insert additional HTTP requests in the body of the original (enveloping) HTTP request in such a way that the browser interprets it as one request but the web server interprets it as two. There are several ways to perform HTTP request splitting attacks. One way is to include double Content-Length headers in the request to exploit the fact that the devices parsing the request may each use a different header. Another way is to submit an HTTP request with a "Transfer Encoding: chunked" in the request header set with setRequestHeader to allow a payload in the HTTP Request that can be considered as another HTTP Request by a subsequent parsing entity. A third way is to use the "Double CR in an HTTP header" technique. There are also a few less general techniques targeting specific parsing vulnerabilities in certain web servers.
HTTP Request Smuggling
HTTP Request Smuggling results from the discrepancies in parsing HTTP requests between HTTP entities such as web caching proxies or application firewalls. Entities such as web servers, web caching proxies, application firewalls or simple proxies often parse HTTP requests in slightly different ways. Under specific situations where there are two or more such entities in the path of the HTTP request, a specially crafted request is seen by two attacked entities as two different sets of requests. This allows certain requests to be smuggled through to a second entity without the first one realizing it.

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0573.NASL
description	An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.19.0). Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) * nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604) * nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606) * npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775) * npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776) * npm: Global node_modules Binary Overwrite (CVE-2019-16777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-05-21
modified	2020-02-25
plugin id	134028
published	2020-02-25
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134028
title	RHEL 8 : nodejs:10 (RHSA-2020:0573)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0573. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(134028); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20"); script_cve_id("CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777"); script_xref(name:"RHSA", value:"2020:0573"); script_name(english:"RHEL 8 : nodejs:10 (RHSA-2020:0573)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.19.0). Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) * nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604) * nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606) * npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775) * npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776) * npm: Global node_modules Binary Overwrite (CVE-2019-16777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0573" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-15604" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-15605" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-15606" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-16775" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-16776" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-16777" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15605"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:npm"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/13"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); module_ver = get_kb_item('Host/RedHat/appstream/nodejs'); if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10'); if ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver); appstreams = { 'nodejs:10': [ {'reference':'nodejs-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-debugsource-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-debugsource-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-debugsource-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-devel-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-devel-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-devel-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-docs-10.19.0-1.module+el8.0.0+5738+1362a79c', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed', 'release':'8'}, {'reference':'nodejs-packaging-17-3.module+el8+2873+aa7dfd9a', 'release':'8'}, {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'} ], }; flag = 0; appstreams_found = 0; foreach module (keys(appstreams)) { appstream = NULL; appstream_name = NULL; appstream_version = NULL; appstream_split = split(module, sep:':', keep:FALSE); if (!empty_or_null(appstream_split)) { appstream_name = appstream_split[0]; appstream_version = appstream_split[1]; appstream = get_kb_item('Host/RedHat/appstream/' + appstream_name); } if (!empty_or_null(appstream) && appstream_version == appstream \|\| appstream_name == 'all') { appstreams_found++; foreach package_array ( appstreams[module] ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++; } } } } if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10'); if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-debugsource / nodejs-devel / etc'); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0455-1.NASL
description	This update for nodejs10 fixes the following issues : nodejs10 was updated to version 10.19.0. Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2020-02-26
plugin id	134075
published	2020-02-26
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134075
title	SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2020:0455-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:0455-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(134075); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/02"); script_cve_id("CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606"); script_name(english:"SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2020:0455-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for nodejs10 fixes the following issues : nodejs10 was updated to version 10.19.0. Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1163102" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1163103" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1163104" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-15604/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-15605/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-15606/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20200455-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ac820872" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server for SAP 15:zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-455=1 SUSE Linux Enterprise Server 15-LTSS:zypper in -t patch SUSE-SLE-Product-SLES-15-2020-455=1 SUSE Linux Enterprise Module for Web Scripting 15-SP1:zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-455=1 SUSE Linux Enterprise Module for Web Scripting 15:zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2020-455=1 SUSE Linux Enterprise High Performance Computing 15-LTSS:zypper in -t patch SUSE-SLE-Product-HPC-15-2020-455=1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:zypper in -t patch SUSE-SLE-Product-HPC-15-2020-455=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:npm10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0\|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs10-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs10-debuginfo-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs10-debugsource-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs10-devel-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"npm10-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"nodejs10-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"nodejs10-debuginfo-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"nodejs10-debugsource-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"nodejs10-devel-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"npm10-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs10-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs10-debuginfo-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs10-debugsource-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs10-devel-10.19.0-1.18.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"npm10-10.19.0-1.18.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs10"); }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2020-1359.NASL
description	A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections. (CVE-2019-15605) Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. (CVE-2018-12121) It was found that the http module from Node.js could accept incorrect Content-Length values, containing spaces within the value, in HTTP headers. A specially crafted client could use this flaw to possibly confuse the script, causing unspecified behavior. (CVE-2018-7159)
last seen	2020-04-30
modified	2020-04-24
plugin id	135935
published	2020-04-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135935
title	Amazon Linux AMI : http-parser (ALAS-2020-1359)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2020-1359. # include("compat.inc"); if (description) { script_id(135935); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/28"); script_cve_id("CVE-2018-12121", "CVE-2018-7159", "CVE-2019-15605"); script_xref(name:"ALAS", value:"2020-1359"); script_name(english:"Amazon Linux AMI : http-parser (ALAS-2020-1359)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections. (CVE-2019-15605) Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. (CVE-2018-12121) It was found that the http module from Node.js could accept incorrect Content-Length values, containing spaces within the value, in HTTP headers. A specially crafted client could use this flaw to possibly confuse the script, causing unspecified behavior. (CVE-2018-7159)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1359.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update http-parser' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:http-parser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:http-parser-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:http-parser-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"http-parser-2.9.3-1.2.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"http-parser-debuginfo-2.9.3-1.2.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"http-parser-devel-2.9.3-1.2.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "http-parser / http-parser-debuginfo / http-parser-devel"); }

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2020-0029_HTTP-PARSER.NASL
description	The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has http-parser packages installed that are affected by a vulnerability: - HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed (CVE-2019-15605) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-05
modified	2020-06-03
plugin id	137058
published	2020-06-03
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137058
title	NewStart CGSL CORE 5.04 / MAIN 5.04 : http-parser Vulnerability (NS-SA-2020-0029)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2020-0029. The text # itself is copyright (C) ZTE, Inc. include('compat.inc'); if (description) { script_id(137058); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2019-15605"); script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : http-parser Vulnerability (NS-SA-2020-0029)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by a vulnerability."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has http-parser packages installed that are affected by a vulnerability: - HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed (CVE-2019-15605) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2020-0029"); script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL http-parser packages. Note that updated packages may not be available yet. Please contact ZTE for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15605"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/03"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"NewStart CGSL Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/ZTE-CGSL/release"); if (isnull(release) \|\| release !~ "^CGSL (MAIN\|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux"); if (release !~ "CGSL CORE 5.04" && release !~ "CGSL MAIN 5.04") audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04'); if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu); flag = 0; pkgs = { "CGSL CORE 5.04": [ "http-parser-2.7.1-8.el7_7.2", "http-parser-debuginfo-2.7.1-8.el7_7.2", "http-parser-devel-2.7.1-8.el7_7.2" ], "CGSL MAIN 5.04": [ "http-parser-2.7.1-8.el7_7.2", "http-parser-debuginfo-2.7.1-8.el7_7.2", "http-parser-devel-2.7.1-8.el7_7.2" ] }; pkg_list = pkgs[release]; foreach (pkg in pkg_list) if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "http-parser"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0598.NASL
description	An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (12.16.1). Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) * nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604) * nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-05-21
modified	2020-02-26
plugin id	134068
published	2020-02-26
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134068
title	RHEL 8 : nodejs:12 (RHSA-2020:0598)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0598. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(134068); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20"); script_cve_id("CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606"); script_xref(name:"RHSA", value:"2020:0598"); script_name(english:"RHEL 8 : nodejs:12 (RHSA-2020:0598)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (12.16.1). Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) * nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604) * nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0598" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-15604" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-15605" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-15606" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15605"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:npm"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); module_ver = get_kb_item('Host/RedHat/appstream/nodejs'); if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:12'); if ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver); appstreams = { 'nodejs:12': [ {'reference':'nodejs-12.16.1-1.module+el8.1.0+5811+44509afe', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-12.16.1-1.module+el8.1.0+5811+44509afe', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-12.16.1-1.module+el8.1.0+5811+44509afe', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-debugsource-12.16.1-1.module+el8.1.0+5811+44509afe', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-debugsource-12.16.1-1.module+el8.1.0+5811+44509afe', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-debugsource-12.16.1-1.module+el8.1.0+5811+44509afe', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-devel-12.16.1-1.module+el8.1.0+5811+44509afe', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-devel-12.16.1-1.module+el8.1.0+5811+44509afe', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-devel-12.16.1-1.module+el8.1.0+5811+44509afe', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-docs-12.16.1-1.module+el8.1.0+5811+44509afe', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45', 'release':'8'}, {'reference':'nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45', 'release':'8'}, {'reference':'npm-6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'npm-6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'npm-6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe', 'cpu':'x86_64', 'release':'8', 'epoch':'1'} ], }; flag = 0; appstreams_found = 0; foreach module (keys(appstreams)) { appstream = NULL; appstream_name = NULL; appstream_version = NULL; appstream_split = split(module, sep:':', keep:FALSE); if (!empty_or_null(appstream_split)) { appstream_name = appstream_split[0]; appstream_version = appstream_split[1]; appstream = get_kb_item('Host/RedHat/appstream/' + appstream_name); } if (!empty_or_null(appstream) && appstream_version == appstream \|\| appstream_name == 'all') { appstreams_found++; foreach package_array ( appstreams[module] ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++; } } } } if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:12'); if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-debugsource / nodejs-devel / etc'); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0579.NASL
description	An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.19.0). Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) * nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604) * nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606) * npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775) * npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776) * npm: Global node_modules Binary Overwrite (CVE-2019-16777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-05-21
modified	2020-02-26
plugin id	134062
published	2020-02-26
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134062
title	RHEL 8 : nodejs:10 (RHSA-2020:0579)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0579. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(134062); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20"); script_cve_id("CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777"); script_xref(name:"RHSA", value:"2020:0579"); script_name(english:"RHEL 8 : nodejs:10 (RHSA-2020:0579)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.19.0). Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) * nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604) * nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606) * npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775) * npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776) * npm: Global node_modules Binary Overwrite (CVE-2019-16777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0579" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-15604" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-15605" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-15606" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-16775" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-16776" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-16777" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15605"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:npm"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/13"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); module_ver = get_kb_item('Host/RedHat/appstream/nodejs'); if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10'); if ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver); appstreams = { 'nodejs:10': [ {'reference':'nodejs-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-debugsource-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-debugsource-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-debugsource-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-devel-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-devel-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-devel-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-docs-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'release':'8', 'epoch':'1'}, {'reference':'nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed', 'release':'8'}, {'reference':'nodejs-packaging-17-3.module+el8+2873+aa7dfd9a', 'release':'8'}, {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'} ], }; flag = 0; appstreams_found = 0; foreach module (keys(appstreams)) { appstream = NULL; appstream_name = NULL; appstream_version = NULL; appstream_split = split(module, sep:':', keep:FALSE); if (!empty_or_null(appstream_split)) { appstream_name = appstream_split[0]; appstream_version = appstream_split[1]; appstream = get_kb_item('Host/RedHat/appstream/' + appstream_name); } if (!empty_or_null(appstream) && appstream_version == appstream \|\| appstream_name == 'all') { appstreams_found++; foreach package_array ( appstreams[module] ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++; } } } } if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10'); if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-debugsource / nodejs-devel / etc'); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0454-1.NASL
description	This update for nodejs8 fixes the following issues : Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2020-02-26
plugin id	134074
published	2020-02-26
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134074
title	SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0454-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:0454-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(134074); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/02"); script_cve_id("CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606"); script_name(english:"SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0454-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for nodejs8 fixes the following issues : Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1163102" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1163103" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1163104" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-15604/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-15605/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-15606/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20200454-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ddcac4e7" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server for SAP 15:zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-454=1 SUSE Linux Enterprise Server 15-LTSS:zypper in -t patch SUSE-SLE-Product-SLES-15-2020-454=1 SUSE Linux Enterprise Module for Web Scripting 15-SP1:zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-454=1 SUSE Linux Enterprise Module for Web Scripting 15:zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2020-454=1 SUSE Linux Enterprise High Performance Computing 15-LTSS:zypper in -t patch SUSE-SLE-Product-HPC-15-2020-454=1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:zypper in -t patch SUSE-SLE-Product-HPC-15-2020-454=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs8-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs8-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs8-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:npm8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0\|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs8-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs8-debuginfo-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs8-debugsource-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs8-devel-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"npm8-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"nodejs8-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"nodejs8-debuginfo-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"nodejs8-debugsource-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"nodejs8-devel-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"npm8-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs8-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs8-debuginfo-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs8-debugsource-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs8-devel-8.17.0-3.28.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"npm8-8.17.0-3.28.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs8"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-3_0-0060_NODEJS.NASL
description	An update of the nodejs package has been released.
last seen	2020-03-17
modified	2020-02-25
plugin id	133956
published	2020-02-25
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133956
title	Photon OS 3.0: Nodejs PHSA-2020-3.0-0060
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2020-3.0-0060. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(133956); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606"); script_name(english:"Photon OS 3.0: Nodejs PHSA-2020-3.0-0060"); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the nodejs package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-60.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15606"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:nodejs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 3\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"nodejs-13.8.0-1.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"nodejs-debuginfo-13.8.0-1.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"nodejs-devel-13.8.0-1.ph3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-1_0-0289_NODEJS10.NASL
description	An update of the nodejs10 package has been released.
last seen	2020-04-30
modified	2020-04-28
plugin id	136036
published	2020-04-28
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136036
title	Photon OS 1.0: Nodejs10 PHSA-2020-1.0-0289
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2020-1.0-0289. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(136036); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/29"); script_cve_id("CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606"); script_name(english:"Photon OS 1.0: Nodejs10 PHSA-2020-1.0-0289"); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the nodejs10 package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-289.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15606"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/28"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:nodejs10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 1\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"nodejs10-10.19.0-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"nodejs10-debuginfo-10.19.0-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"nodejs10-devel-10.19.0-1.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs10"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0427-1.NASL
description	This update for nodejs10 fixes the following issues : nodejs10 was updated to version 10.19.0. Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2020-02-24
plugin id	133946
published	2020-02-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133946
title	SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2020:0427-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0488-1.NASL
description	This update for nodejs6 fixes the following issues : Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2020-02-27
plugin id	134100
published	2020-02-27
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134100
title	SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2020:0488-1)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_0032400F624F11EAB495000D3AB229D6.NASL
description	Node.js reports : Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header (Critical) (CVE-2019-15605)HTTP request smuggling using malformed Transfer-Encoding header (Critical) (CVE-2019-15605) Affected Node.js versions can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. HTTP header values do not have trailing OWS trimmed (High) (CVE-2019-15606) Optional whitespace should be trimmed from HTTP header values. Its presence may allow attackers to bypass security checks based on HTTP header values. Remotely trigger an assertion on a TLS server with a malformed certificate string (High) (CVE-2019-15604) Connecting to a NodeJS TLS server with a client certificate that has a type 19 string in its subjectAltName will crash the TLS server if it tries to read the peer certificate. Strict HTTP header parsing (None) Increase the strictness of HTTP header parsing. There are no known vulnerabilities addressed, but lax HTTP parsing has historically been a source of problems. Some commonly used sites are known to generate invalid HTTP headers, a --insecure-http-parser CLI option or insecureHTTPParser http option can be used if necessary for interoperability, but is not recommended.
last seen	2020-03-18
modified	2020-03-10
plugin id	134356
published	2020-03-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134356
title	FreeBSD : Node.js -- multiple vulnerabilities (0032400f-624f-11ea-b495-000d3ab229d6)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-3838C8EA98.NASL
description	Update to Node.js 12.15.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	133567
published	2020-02-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133567
title	Fedora 31 : 1:libuv / 1:nodejs / nghttp2 (2020-3838c8ea98)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0703.NASL
description	An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-03-18
modified	2020-03-06
plugin id	134267
published	2020-03-06
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134267
title	RHEL 7 : http-parser (RHSA-2020:0703)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-47EFC31973.NASL
description	Update to Node.js 12.5.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2020-02-24
plugin id	133884
published	2020-02-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133884
title	Fedora 30 : 1:libuv / nghttp2 (2020-47efc31973)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2020-0703.NASL
description	From Red Hat Security Advisory 2020:0703 : An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-03-18
modified	2020-03-09
plugin id	134339
published	2020-03-09
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134339
title	Oracle Linux 7 : http-parser (ELSA-2020-0703)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-202003-48.NASL
description	The remote host is affected by the vulnerability described in GLSA-202003-48 (Node.js: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly write arbitrary files, cause a Denial of Service condition or can conduct HTTP request splitting attacks. Workaround : There is no known workaround at this time.
last seen	2020-03-26
modified	2020-03-23
plugin id	134776
published	2020-03-23
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134776
title	GLSA-202003-48 : Node.js: Multiple vulnerabilities

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2020-0708.NASL
description	From Red Hat Security Advisory 2020:0708 : An update for http-parser is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-03-18
modified	2020-03-10
plugin id	134357
published	2020-03-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134357
title	Oracle Linux 8 : http-parser (ELSA-2020-0708)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0429-1.NASL
description	This update for nodejs12 fixes the following issues : nodejs12 was updated to version 12.15.0. Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). CVE-2019-16775: Fixed an arbitrary file write vulnerability (bsc#1159352). CVE-2019-16776: Fixed an arbitrary file write vulnerability (bsc#1159352). CVE-2019-16777: Fixed an arbitrary file write vulnerability (bsc#1159352). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2020-02-24
plugin id	133947
published	2020-02-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133947
title	SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0429-1)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2020-0703.NASL
description	An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-03-17
modified	2020-03-06
plugin id	134238
published	2020-03-06
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134238
title	CentOS 7 : http-parser (CESA-2020:0703)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0708.NASL
description	An update for http-parser is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-03-18
modified	2020-03-06
plugin id	134270
published	2020-03-06
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134270
title	RHEL 8 : http-parser (RHSA-2020:0708)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1510.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1510 advisory. - nodejs: HTTP request smuggling using malformed Transfer- Encoding header (CVE-2019-15605) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-30
modified	2020-04-21
plugin id	135788
published	2020-04-21
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135788
title	RHEL 7 : http-parser (RHSA-2020:1510)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2020-293.NASL
description	This update for nodejs8 fixes the following issues : Security issues fixed : - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). - CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-03-18
modified	2020-03-06
plugin id	134281
published	2020-03-06
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134281
title	openSUSE Security Update : nodejs8 (openSUSE-2020-293)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4669.NASL
description	Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling.
last seen	2020-05-06
modified	2020-04-30
plugin id	136126
published	2020-04-30
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136126
title	Debian DSA-4669-1 : nodejs - security update (Data Dribble) (Reset Flood) (Resource Loop)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0707.NASL
description	An update for http-parser is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-03-18
modified	2020-03-06
plugin id	134269
published	2020-03-06
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134269
title	RHEL 8 : http-parser (RHSA-2020:0707)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20200304_HTTP_PARSER_ON_SL7_X.NASL
description	Security Fix(es) : - nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)
last seen	2020-03-18
modified	2020-03-06
plugin id	134273
published	2020-03-06
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134273
title	Scientific Linux Security Update : http-parser on SL7.x x86_64 (20200304)

NASL family	Amazon Linux Local Security Checks
NASL id	AL2_ALAS-2020-1417.NASL
description	HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed (CVE-2019-15605)
last seen	2020-05-12
modified	2020-05-07
plugin id	136361
published	2020-05-07
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136361
title	Amazon Linux 2 : http-parser (ALAS-2020-1417)

Redhat

advisories

bugzilla

id	1800364
title	CVE-2019-15605 nodejs: HTTP request smuggling using malformed Transfer-Encoding header

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment http-parser-devel is earlier than 0:2.7.1-8.el7_7.2
oval oval:com.redhat.rhsa:tst:20200703001
comment http-parser-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192258004

AND
comment http-parser is earlier than 0:2.7.1-8.el7_7.2
oval oval:com.redhat.rhsa:tst:20200703003
comment http-parser is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192258002

rhsa

id	RHSA-2020:0703
released	2020-03-04
severity	Important
title	RHSA-2020:0703: http-parser security update (Important)

bugzilla

id	1800364
title	CVE-2019-15605 nodejs: HTTP request smuggling using malformed Transfer-Encoding header

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND

comment http-parser-debugsource is earlier than 0:2.8.0-5.el8_1.2
oval oval:com.redhat.rhsa:tst:20200708001
comment http-parser-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193497002

AND
comment http-parser is earlier than 0:2.8.0-5.el8_1.2
oval oval:com.redhat.rhsa:tst:20200708003
comment http-parser is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192258002

rhsa

id	RHSA-2020:0708
released	2020-03-04
severity	Important
title	RHSA-2020:0708: http-parser security update (Important)

rhsa
id RHSA-2020:0573
rhsa
id RHSA-2020:0579
rhsa
id RHSA-2020:0597
rhsa
id RHSA-2020:0598
rhsa
id RHSA-2020:0602
rhsa
id RHSA-2020:0707

rpms

nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c
nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c
nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c
nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c
nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c
nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c
nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed
nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a
npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c
nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed
nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a
npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c
rh-nodejs10-nodejs-0:10.19.0-1.el7
rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7
rh-nodejs10-nodejs-devel-0:10.19.0-1.el7
rh-nodejs10-nodejs-docs-0:10.19.0-1.el7
rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7
nodejs-1:12.16.1-1.module+el8.1.0+5811+44509afe
nodejs-debuginfo-1:12.16.1-1.module+el8.1.0+5811+44509afe
nodejs-debugsource-1:12.16.1-1.module+el8.1.0+5811+44509afe
nodejs-devel-1:12.16.1-1.module+el8.1.0+5811+44509afe
nodejs-docs-1:12.16.1-1.module+el8.1.0+5811+44509afe
nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45
nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45
npm-1:6.13.4-1.12.16.1.1.module+el8.1.0+5811+44509afe
rh-nodejs12-nodejs-0:12.16.1-1.el7
rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7
rh-nodejs12-nodejs-devel-0:12.16.1-1.el7
rh-nodejs12-nodejs-docs-0:12.16.1-1.el7
rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7
http-parser-0:2.7.1-8.el7_7.2
http-parser-debuginfo-0:2.7.1-8.el7_7.2
http-parser-devel-0:2.7.1-8.el7_7.2
http-parser-0:2.8.0-2.el8_0.2
http-parser-debuginfo-0:2.8.0-2.el8_0.2
http-parser-debugsource-0:2.8.0-2.el8_0.2
http-parser-0:2.8.0-5.el8_1.2
http-parser-debuginfo-0:2.8.0-5.el8_1.2
http-parser-debugsource-0:2.8.0-5.el8_1.2
http-parser-0:2.7.1-5.el7_6.1
http-parser-debuginfo-0:2.7.1-5.el7_6.1
http-parser-devel-0:2.7.1-5.el7_6.1

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References