The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-13T23:00:00

Updated: 2024-08-06T19:34:23.579Z

Reserved: 2012-04-19T00:00:00

Link: CVE-2012-2330

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-08-13T23:55:01.130

Modified: 2023-02-13T04:33:24.827

Link: CVE-2012-2330

cve-icon Redhat

No data.