Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-3j17-wsqw-hucs |
|---|
| Summary | NodeJS: HTTP Pipelining DoS |
|---|
| Aliases |
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
|
|---|
| References |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4450 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.68714 |
| scoring_system |
epss |
| scoring_elements |
0.98608 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.68714 |
| scoring_system |
epss |
| scoring_elements |
0.9861 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.68714 |
| scoring_system |
epss |
| scoring_elements |
0.98613 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.68714 |
| scoring_system |
epss |
| scoring_elements |
0.98615 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.68714 |
| scoring_system |
epss |
| scoring_elements |
0.98617 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.68714 |
| scoring_system |
epss |
| scoring_elements |
0.98618 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.68714 |
| scoring_system |
epss |
| scoring_elements |
0.98621 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.68714 |
| scoring_system |
epss |
| scoring_elements |
0.98623 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.68714 |
| scoring_system |
epss |
| scoring_elements |
0.98626 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4450 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
|---|
| Weaknesses |
|
|---|
| Exploits |
| 0 |
| date_added |
null |
| description |
This module exploits a Denial of Service (DoS) condition in the HTTP parser of Node.js versions
released before 0.10.21 and 0.8.26. The attack sends many pipelined
HTTP requests on a single connection, which causes unbounded memory
allocation when the client does not read the responses. |
| required_action |
null |
| due_date |
null |
| notes |
Stability:
- crash-service-down
SideEffects: []
Reliability: []
|
| known_ransomware_campaign_use |
false |
| source_date_published |
2013-10-18 |
| exploit_type |
null |
| platform |
|
| source_date_updated |
null |
| data_source |
Metasploit |
| source_url |
https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/http/nodejs_pipelining.rb |
|
|
|---|
| Severity_range_score | null |
|---|
| Exploitability | 2.0 |
|---|
| Weighted_severity | 0.6 |
|---|
| Risk_score | 1.2 |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-3j17-wsqw-hucs |
|---|