Company of IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2016-2216

Description

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.

POC

Reference

- http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html

Github

- https://github.com/Aaron40/covenant-university-website

- https://github.com/Clean-home-ltd/proffesional-clean-home-ltd

- https://github.com/FerreWagner/Node

- https://github.com/Fraunhofer0126/book_management_system

- https://github.com/GabrielNumaX/TP-final-con-modal

- https://github.com/GabrielNumaX/TP-final-lab-IV

- https://github.com/JanDAXC/Discord-Bot

- https://github.com/KIMBIBLE/coverity_node_master

- https://github.com/MO2k4/node-js-6

- https://github.com/Nishokmn/Node

- https://github.com/PLSysSec/lockdown-node

- https://github.com/Rohit89Kr/node-master

- https://github.com/TimothyGu/node-no-icu

- https://github.com/TommyTeaVee/nodejs

- https://github.com/acldm/nodejs_booksmanager

- https://github.com/adv-ai-tech/npmreadme

- https://github.com/agenih/Nodejs

- https://github.com/alibaba/AliOS-nodejs

- https://github.com/an-hoang-persional/Demo-Node-Js

- https://github.com/ayojs/ayo

- https://github.com/codedrone/node

- https://github.com/corso75/nodejs

- https://github.com/devmohgoud/Wimo

- https://github.com/devmohgoud/WimoTask

- https://github.com/dwrobel/node-shared

- https://github.com/erwilson98/project4

- https://github.com/evilpixi/nuevoproy

- https://github.com/evilpixi/redsocial

- https://github.com/freedeveloper000/node

- https://github.com/iamgami/nodemysql

- https://github.com/iamir0/fivem-node

- https://github.com/ilmila/J2EEScan

- https://github.com/imdebop/node891portable

- https://github.com/imfahim/MovieCollabs

- https://github.com/jebuslperez/md

- https://github.com/jkirkpatrick260/node

- https://github.com/joelwembo/NodeBackendUtils

- https://github.com/joelwembo/angular6restaurantdemoproject

- https://github.com/kavitharajasekaran1/node-sample-code-employee

- https://github.com/konge10/TCA-ModMail

- https://github.com/kp96/nodejs-patched

- https://github.com/luk12345678/laravel-angular-authentication7

- https://github.com/madwax/node-archive-support

- https://github.com/mkmdivy/africapolisOld

- https://github.com/modejs/mode

- https://github.com/nuubes-test/Nuubes

- https://github.com/pearlsoflutra5/group

- https://github.com/petamaj/node-tracer

- https://github.com/petamaj/nodetracer

- https://github.com/pradhyu-singh/node

- https://github.com/r0flc0pt4/node

- https://github.com/ravichate/applications

- https://github.com/reactorlabs/phase3_ii

- https://github.com/ronoski/j2ee-rscan

- https://github.com/senortighto/Nodejs

- https://github.com/stanislavZaturinsky/node.js-parser

- https://github.com/sunojapps/node

- https://github.com/synergyfr/tth_nodejs

- https://github.com/tuzhu008/canvas_cn

- https://github.com/tuzhu008/gitbook-Node_cn

- https://github.com/wonjiky/africa

- https://github.com/xeaola/nodeJS-source

- https://github.com/yeerkkiller1/nodejs