Vulnerability Description
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly, keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nodejs | Node.js | >= 6.0.0, < 6.15.1 |
| Suse | Suse Enterprise Storage | 4 |
| Suse | Suse Linux Enterprise Server | 12 |
| Suse | Suse Openstack Cloud | 7 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106043 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2019:1821 (Third Party Advisory)
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ (Patch, Vendor Advisory)
- https://security.gentoo.org/glsa/202003-48 (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20241213-0009/
FAQ
What is CVE-2018-12122?
CVE-2018-12122 is a vulnerability with a CVSS score of 7.5 (HIGH). Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP...
How severe is CVE-2018-12122?
CVE-2018-12122 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-12122?
Check the references section above for vendor advisories and patch information. Affected products include: Nodejs Node.js, Suse Suse Enterprise Storage, Suse Suse Linux Enterprise Server, Suse Suse Openstack Cloud.