CVE-2017-16005

Published: Jun 4, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature.

Affected (1)

Products: Joyent: Http Signature

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Joyent Http Signature	Up to 0.9.11

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (4)

https://github.com/joyent/node-http-signature/issues/10

Source: support@hackerone.com

PatchThird Party Advisory

https://nodesecurity.io/advisories/318

Source: support@hackerone.com

Third Party Advisory

https://github.com/joyent/node-http-signature/issues/10

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://nodesecurity.io/advisories/318

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.