April 18, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple SAP BusinessObjects, NetWeaver Application and SuccessFactors Vulnerabilities
October 13, 2021Rewterz Threat Advisory – Multiple Juniper Networks Junos OS and CTPView
October 14, 2021Rewterz Threat Advisory – Multiple SAP BusinessObjects, NetWeaver Application and SuccessFactors Vulnerabilities
October 13, 2021Rewterz Threat Advisory – Multiple Juniper Networks Junos OS and CTPView
October 14, 2021
Severity
Medium
Analysis Summary
CVE-2021-22960
Node.js is vulnerable to HTTP request smuggling, caused by an error when parsing the body of chunked requests. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVE-2021-22959
Node.js is vulnerable to HTTP request smuggling, caused by an error related to space in headers. A remote attacker could send a specially-crafted request with a space (SP) right after the header name before the colon to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
Impact
- Security Bypass
Affected Vendors
Node.js
Affected Products
- Node.js Node.js 12
- Node.js Node.js 14.0
- Node.js Node.js 16.0
Remediation
Upgrade to the latest version of Node.js, available from the Node.js Web site.
