Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2015-1164
Last Modified 23 Jan 2015 04:11:11
Published 21 Jan 2015 10:28:37
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1164

Summary

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.

Vulnerable Systems

Application

  • Serve-static Project Serve-static 1.7.1


References

CONFIRM - https://github.com/expressjs/serve-static/issues/26

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1181917

XF - nodejs-servestatic-open-redirect(99936)

BID - 72064

CONFIRM - http://nodesecurity.io/advisories/serve-static-open-redirect


Last Updated: 27 May 2016 11:07:36