CVE-2017-15896
N/A
N/A
Summary
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Node.js Project | Node.js | 4.0.0 and higher | affected |
| The Node.js Project | Node.js | 6.0.0 and higher | affected |
| The Node.js Project | Node.js | 8.0.0 and higher | affected |
| The Node.js Project | Node.js | 9.0.0 and higher | affected |
Weaknesses
- Data Confidentiality/Integrity
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.