CVE-2015-8027

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.

Affected Software

Name	Vendor	Start Version	End Version
Node.js	Nodejs	0.12.0 (including)	0.12.0 (including)
Node.js	Nodejs	0.12.1 (including)	0.12.1 (including)
Node.js	Nodejs	0.12.2 (including)	0.12.2 (including)
Node.js	Nodejs	0.12.3 (including)	0.12.3 (including)
Node.js	Nodejs	0.12.4 (including)	0.12.4 (including)
Node.js	Nodejs	0.12.5 (including)	0.12.5 (including)
Node.js	Nodejs	0.12.6 (including)	0.12.6 (including)
Node.js	Nodejs	0.12.7 (including)	0.12.7 (including)
Node.js	Nodejs	0.12.8 (including)	0.12.8 (including)
Node.js	Nodejs	4.2.0 (including)	4.2.0 (including)
Node.js	Nodejs	4.2.1 (including)	4.2.1 (including)
Node.js	Nodejs	4.2.2 (including)	4.2.2 (including)
Node.js	Nodejs	5.0.0 (including)	5.0.0 (including)
Node.js	Nodejs	5.1.0 (including)	5.1.0 (including)
Nodejs	Ubuntu	artful	*
Nodejs	Ubuntu	precise	*
Nodejs	Ubuntu	upstream	*
Nodejs	Ubuntu	vivid	*
Nodejs	Ubuntu	wily	*
Nodejs	Ubuntu	yakkety	*
Nodejs	Ubuntu	zesty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-8027
CWE	https://cwe.mitre.org/data/definitions/17.html

Affected Software

References