Vulnerabilities for 'Http-signature'

2018-06-04
 
CVE-2017-16005

CWE-347
 

 
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, not the header names, which makes it vulnerable to header forgery: an attacker who can intercept a request can swap header names and change the meaning of the request without changing the signature.

 

Vendor: Joyent (6 products)
Node.js
Smartos
Triton data center
Http-signature
Sshpk
Triton datacenter


Copyright 2024, cxsecurity.com

 
