Vulnerability details: VCID-tmc9-1ebt-aaas
Vulnerability ID VCID-tmc9-1ebt-aaas
Aliases CVE-2013-4450
Summary The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
System Score Found at
generic_textual Medium http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4450.html
rhas Moderate https://access.redhat.com/errata/RHSA-2013:1842
epss 0.09367 https://api.first.org/data/v1/epss?cve=CVE-2013-4450
epss 0.11802 https://api.first.org/data/v1/epss?cve=CVE-2013-4450
epss 0.13285 https://api.first.org/data/v1/epss?cve=CVE-2013-4450
epss 0.68247 https://api.first.org/data/v1/epss?cve=CVE-2013-4450
epss 0.68714 https://api.first.org/data/v1/epss?cve=CVE-2013-4450
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1021170
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4450
generic_textual Medium https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-4450
Reference id Reference type URL
http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/
http://lists.opensuse.org/opensuse-updates/2013-12/msg00051.html
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4450.html
http://rhn.redhat.com/errata/RHSA-2013-1842.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4450.json
https://api.first.org/data/v1/epss?cve=CVE-2013-4450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4450
https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692
https://github.com/joyent/node/issues/6214
https://github.com/rapid7/metasploit-framework/pull/2548
https://groups.google.com/forum/#!topic/nodejs/NEbweYB0ei0
https://kb.juniper.net/JSA10783
http://www.openwall.com/lists/oss-security/2013/10/20/1
http://www.securityfocus.com/bid/63229
1021170 https://bugzilla.redhat.com/show_bug.cgi?id=1021170
cpe:2.3:a:nodejs:nodejs:0.10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.10:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.11:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.12:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.13:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.14:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.15:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.16:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.17:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.18:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.19:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.20:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.3:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.4:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.5:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.6:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.7:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.8:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.10.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.9:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.10:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.11:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.12:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.13:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.14:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.15:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.16:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.17:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.18:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.19:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.20:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.21:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.22:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.23:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.24:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.25:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.8:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:nodejs:0.8.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.9:*:*:*:*:*:*:*
CVE-2013-4450 https://nvd.nist.gov/vuln/detail/CVE-2013-4450
RHSA-2013:1842 https://access.redhat.com/errata/RHSA-2013:1842
Data source Metasploit
Description This module exploits a Denial of Service (DoS) condition in the HTTP parser of Node.js versions released before 0.10.21 and 0.8.26. The attack sends many pipelined HTTP requests on a single connection, which causes unbounded memory allocation when the client does not read the responses.
Note
Stability:
  - crash-service-down
SideEffects: []
Reliability: []
Ransomware campaign use Unknown
Source publication date Oct. 18, 2013
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/http/nodejs_pipelining.rb
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-4450
Exploitability (E): high, functional, unproven, proof_of_concept, not_defined
Access Vector (AV): local, adjacent_network, network
Access Complexity (AC): high, medium, low
Authentication (Au): multiple, single, none
Confidentiality Impact (C): none, partial, complete
Integrity Impact (I): none, partial, complete
Availability Impact (A): none, partial, complete

Exploit Prediction Scoring System (EPSS)
Percentile 0.94897
EPSS Score 0.09367
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.