Back to search
CVE-2017-16025
Published: Jun 4, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to `cookie`. Submitting an invalid cookie on the websocket upgrade request will cause the node process to error out.
| Vendor | Product | Versions |
|---|---|---|
HackerOne | nes node module | affected <=6.4.0 |
Weaknesses (CWE)
References
https://nodesecurity.io/advisories/331
x_refsource_MISC
https://github.com/hapijs/nes/issues/171
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now