CVE-2019-5739

Published: Mar 28, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.

Affected products

Vendor: Node.js
Product: Node.js
Versions: affected, all versions prior to 6.17.0

Weaknesses (CWE)

References

openSUSE-SU-2019:1076 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2019:1173 (vendor-advisory, x_refsource_SUSE)
GLSA-202003-48 (vendor-advisory, x_refsource_GENTOO)
