CVE-2012-2330
- Source
- https://cve.org/CVERecord?id=CVE-2012-2330
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-2330.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2012-2330
- Downstream
- Published
- 2012-08-13T23:55:01Z
- Modified
- 2026-04-10T03:42:19.032532Z
- Summary
- [none]
- Details
-
The Update method in src/nodehttpparser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.
- References
-
- http://secunia.com/advisories/49066
- http://blog.nodejs.org/2012/05/04/version-0-6-17-stable/
- https://github.com/joyent/node/commit/7b3fb22
- https://github.com/joyent/node/commit/c9a231d
- https://github.com/joyent/node/commit/7b3fb22
- https://github.com/joyent/node/commit/c9a231d
- http://www.openwall.com/lists/oss-security/2012/05/08/4
- http://www.openwall.com/lists/oss-security/2012/05/08/8
- https://support.f5.com/csp/article/K99038439?utm_source=f5support&%3Butm_medium=RSS