CVE-2018-12122 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-12122 PUBLISHED

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

EPSS 5.49% · 90.1th percentile

Risk Scores

EPSS Score

5.49%

90.1th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:14.04:LTS	nodejs	0, 0.10.15~dfsg1-4, 0.10.21~dfsg1-1
Ubuntu:Pro:18.04:LTS	nodejs	8.10.0~dfsg-2ubuntu0.4, 0, 6.11.4~dfsg-1ubuntu1
Ubuntu:Pro:16.04:LTS	nodejs	4.2.6~dfsg-1ubuntu4.2+esm1, 4.2.6~dfsg-1ubuntu4.2+esm2, 4.2.6~dfsg-1ubuntu4.2+esm3

Timeline

CVE Published
Feb 13, 2020 PoC Published
Apr 14, 2021 EPSS Score
Apr 26, 2023 EPSS Score
Nov 22, 2023 EPSS Score
Mar 17, 2025 EPSS Score
Mar 22, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 3, 2025 EPSS Score
Apr 7, 2025 EPSS Score
Apr 8, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2018-12122 third-party-advisory
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ third-party-advisory
https://ubuntu.com/security/notices/USN-4796-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2018-12122 third-party-advisory

Open in Interactive Console →