CVE-2017-16014

High

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can…

hackerone·CWE-703·Published 2018-06-04

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

181 chars

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.

NVDen

181 chars

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.

Affected versions of `http-proxy` are vulnerable to a denial of service attack, wherein an attacker can force an error which will cause the server to crash. ## Recommendation Update to version 0.7.0 or later.

GHSAen

211 chars

NVDes

270 chars

Http-proxy es una biblioteca de proxying. Debido a la forna en la que se gestionan los errores en las versiones anteriores a la 0.7.0, un atacante que fuerce un error podría provocar el cierre inesperado del servidor, lo que desencadena una denegación de servicio (DoS).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H