CVE-2017-16030

Published: Jun 4, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.

Affected (1)

Products: Useragent Project: Useragent

Useragent Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Useragent Project Useragent	Up to 2.1.12

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://nodesecurity.io/advisories/312

Source: support@hackerone.com

ExploitThird Party Advisory

https://nodesecurity.io/advisories/312

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.