OSSForks/node - node - Carlos Sousa's Git

OSSForks/node

Fork 0

mirror of https://github.com/zebrajr/node.git synced 2025-12-06 12:20:27 +01:00

Commit Graph

Author	SHA1	Message	Date
Matteo Collina	eb43bc04b1	http,https: protect against slow headers attack CVE-2018-12122 An attacker can send a char/s within headers and exahust the resources (file descriptors) of a system even with a tight max header length protection. This PR destroys a socket if it has not received the headers in 40s. PR-URL: https://github.com/nodejs-private/node-private/pull/150 Ref: https://github.com/nodejs-private/node-private/pull/144 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>	2018-11-27 15:11:44 +11:00

Author

SHA1

Message

Date

Matteo Collina

eb43bc04b1

http,https: protect against slow headers attack

CVE-2018-12122

An attacker can send a char/s within headers and exahust the resources
(file descriptors) of a system even with a tight max header length
protection. This PR destroys a socket if it has not received the headers
in 40s.

PR-URL: https://github.com/nodejs-private/node-private/pull/150
Ref: https://github.com/nodejs-private/node-private/pull/144
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>

2018-11-27 15:11:44 +11:00

1 Commits