HTTP: Node.js Foundation Node.js zlib windowBits Denial of Service

This signature detects attempts to exploit a known vulnerability in Node.js. Successful exploitation would result in the target system abnormally terminating.

Extended Description

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.

Affected Products

Nodejs node.js

References

BugTraq: 101881

CVE: CVE-2017-14919

Short Name
HTTP:NODEJS-ZLIBWINDOWSBITS-DOS
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2017-14919 Denial Foundation Node.js Service bid:101881 of windowBits zlib
Release Date
01/18/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Nodejs

CVSS Score

5.0

Found a potential security threat?