UBUNTU-CVE-2016-5325

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2016-5325

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-5325.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-5325

Related

CVE-2016-5325

Published

2016-10-10T16:59:00Z

Modified

2016-10-10T16:59:00Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.

References

Affected packages

Ubuntu:14.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@0.10.25~dfsg2-2ubuntu1.2?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.25~dfsg2-2ubuntu1.2

Affected versions

0.*

0.10.15~dfsg1-4

0.10.21~dfsg1-1

0.10.22~dfsg1-2

0.10.23~dfsg1-1

0.10.23~dfsg1-2

0.10.23~dfsg1-3

0.10.24~dfsg1-1

0.10.25~dfsg2-2

0.10.25~dfsg2-2ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "nodejs-dbg": "0.10.25~dfsg2-2ubuntu1.2",
            "nodejs-dev": "0.10.25~dfsg2-2ubuntu1.2",
            "nodejs-dev-dbgsym": "0.10.25~dfsg2-2ubuntu1.2",
            "nodejs": "0.10.25~dfsg2-2ubuntu1.2",
            "nodejs-legacy": "0.10.25~dfsg2-2ubuntu1.2",
            "nodejs-dbgsym": "0.10.25~dfsg2-2ubuntu1.2"
        }
    ]
}

Ubuntu:16.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@4.2.6~dfsg-1ubuntu4.2?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.6~dfsg-1ubuntu4.2

Affected versions

0.*

0.10.25~dfsg2-2ubuntu1

4.*

4.2.2~dfsg-1

4.2.3~dfsg-1

4.2.4~dfsg-1ubuntu1

4.2.4~dfsg-2

4.2.6~dfsg-1ubuntu1

4.2.6~dfsg-1ubuntu4

4.2.6~dfsg-1ubuntu4.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "nodejs-dbg": "4.2.6~dfsg-1ubuntu4.2",
            "nodejs-dev": "4.2.6~dfsg-1ubuntu4.2",
            "nodejs-dev-dbgsym": "4.2.6~dfsg-1ubuntu4.2",
            "nodejs": "4.2.6~dfsg-1ubuntu4.2",
            "nodejs-legacy": "4.2.6~dfsg-1ubuntu4.2",
            "nodejs-dbgsym": "4.2.6~dfsg-1ubuntu4.2"
        }
    ]
}

Ubuntu:18.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@8.10.0~dfsg-2?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.10.0~dfsg-2

Affected versions

6.*

6.11.4~dfsg-1ubuntu1

6.11.4~dfsg-1ubuntu2

6.12.0~dfsg-1ubuntu1

6.12.0~dfsg-2ubuntu1

6.12.0~dfsg-2ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "nodejs-dev": "8.10.0~dfsg-2",
            "nodejs-doc": "8.10.0~dfsg-2",
            "nodejs": "8.10.0~dfsg-2",
            "nodejs-dbgsym": "8.10.0~dfsg-2"
        }
    ]
}