FreeBSD : Node.js -- multiple vulnerabilities (0032400f-624f-11ea-b495-000d3ab229d6)

High Nessus Plugin ID 134356

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Node.js reports :

Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header (Critical) (CVE-2019-15605)HTTP request smuggling using malformed Transfer-Encoding header (Critical) (CVE-2019-15605) Affected Node.js versions can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system.
HTTP header values do not have trailing OWS trimmed (High) (CVE-2019-15606) Optional whitespace should be trimmed from HTTP header values. Its presence may allow attackers to bypass security checks based on HTTP header values. Remotely trigger an assertion on a TLS server with a malformed certificate string (High) (CVE-2019-15604) Connecting to a NodeJS TLS server with a client certificate that has a type 19 string in its subjectAltName will crash the TLS server if it tries to read the peer certificate. Strict HTTP header parsing (None) Increase the strictness of HTTP header parsing. There are no known vulnerabilities addressed, but lax HTTP parsing has historically been a source of problems. Some commonly used sites are known to generate invalid HTTP headers, a --insecure-http-parser CLI option or insecureHTTPParser http option can be used if necessary for interoperability, but is not recommended.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?1cb48dc5

http://www.nessus.org/u?de6b991a

Plugin Details

Severity: High

ID: 134356

File Name: freebsd_pkg_0032400f624f11eab495000d3ab229d6.nasl

Version: 1.2

Type: local

Published: 2020/03/10

Updated: 2020/03/12

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:node, p-cpe:/a:freebsd:freebsd:node10, p-cpe:/a:freebsd:freebsd:node12, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/03/09

Vulnerability Publication Date: 2020/02/06

Reference Information

CVE: CVE-2019-15604, CVE-2019-15605, CVE-2019-15606