F5 Networks BIG-IP : Node.js vulnerability (K23134279)
Medium Nessus Plugin ID 97838
Synopsis: The remote device is missing a vendor-supplied security patch.
Description: The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
Solution: Upgrade to one of the non-vulnerable versions listed in the F5 Solution K23134279.
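The following is an added illustration of the class of bug in the Description, not code from Node.js, F5 or the plugin. It shows why a filter that looks only for literal CR/LF misses the quoted sequence when header values are later written one byte per character, and a stricter check that rejects it. The function names and the "naive" filter are hypothetical; the strict rule is an assumption modelled on RFC 7230 field-value characters.

```javascript
// Constructed sample: the percent-encoded sequence quoted in the Description.
// It decodes to two code points above 0xFF: U+010D and U+010A.
const SAMPLE = decodeURIComponent('%c4%8d%c4%8a');

// Hypothetical naive protection: rejects only literal CR or LF code units.
function naiveIsSafe(value) {
  return !/[\r\n]/.test(value);
}

// Bytes produced when a string is serialized with a one-byte-per-character
// encoding (latin1): each code unit is truncated to its low 8 bits.
function wireBytes(value) {
  return Buffer.from(value, 'latin1');
}

// Stricter check (assumption, modelled on RFC 7230 field-value rules):
// allow HTAB, space and visible ASCII, and obs-text 0x80-0xFF only.
// Anything above 0xFF cannot be represented in one byte and is refused.
function strictIsSafe(value) {
  for (let i = 0; i < value.length; i++) {
    const c = value.charCodeAt(i);
    const allowed =
      c === 0x09 || (c >= 0x20 && c <= 0x7e) || (c >= 0x80 && c <= 0xff);
    if (!allowed) return false;
  }
  return true;
}

// Summarize how each check treats a candidate header value.
function assess(value) {
  return {
    codePoints: Array.from(value, (ch) => ch.codePointAt(0).toString(16)),
    naive: naiveIsSafe(value),
    wireHex: wireBytes(value).toString('hex'),
    strict: strictIsSafe(value),
  };
}

console.log(assess(SAMPLE));
console.log(assess('text/html; charset=utf-8'));
```
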