CVE-2016-1000232 — MEDIUM (5.3)

Q: How severe is CVE-2016-1000232?

CVE-2016-1000232 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-1000232?

Check the references section above for vendor advisories and patch information. Affected products include: Salesforce Tough-Cookie, Ibm Api Connect, Redhat Openshift Container Platform.

Vulnerability Description

NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Salesforce	Tough-Cookie	>= 0.9.7, <= 2.2.2
Ibm	Api Connect	>= 5.0.6.0, <= 5.0.6.5
Redhat	Openshift Container Platform	3.1

Related Weaknesses (CWE)

CWE-20

References

https://access.redhat.com/errata/RHSA-2016:2101Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2912Third Party Advisory
https://access.redhat.com/security/cve/cve-2016-1000232Third Party Advisory
https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da15899PatchThird Party Advisory
https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea69PatchThird Party Advisory
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affecteThird Party Advisory
https://www.npmjs.com/advisories/130Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:2101Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2912Third Party Advisory
https://access.redhat.com/security/cve/cve-2016-1000232Third Party Advisory
https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da15899PatchThird Party Advisory
https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea69PatchThird Party Advisory
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affecteThird Party Advisory
https://www.npmjs.com/advisories/130Third Party Advisory

FAQ

What is CVE-2016-1000232?

CVE-2016-1000232 is a vulnerability with a CVSS score of 5.3 (MEDIUM). NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable v...

How severe is CVE-2016-1000232?

CVE-2016-1000232 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1000232?

Check the references section above for vendor advisories and patch information. Affected products include: Salesforce Tough-Cookie, Ibm Api Connect, Redhat Openshift Container Platform.