CVE-2013-4450

Node.js - Improper Input Validation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4450. PoCs were published by Marek Majkowski, titanous and joev, including the Metasploit module auxiliary/dos/http/nodejs_pipelining.

AI-analyzed exploit summary: This Metasploit module exploits a denial-of-service (DoS) vulnerability in the Node.js HTTP parser by sending pipelined HTTP requests to trigger unbounded memory allocation. It targets versions before 0.10.21 and 0.8.26.

Description

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

Exploits (1)

metasploit (WORKING POC)
by Marek Majkowski, titanous, joev · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/nodejs_pipelining.rb

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Node.js versions before 0.10.21 and 0.8.26
Authentication: No auth needed
Prerequisites: Network access to the target Node.js server
Analysis: devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10783
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1842.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00051.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/20/1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/63229
Issue Tracking x_refsource_confirm
https://github.com/joyent/node/issues/6214

Scores

EPSS: 0.6871
EPSS Percentile: 98.6%

Details

CWE: CWE-20
Status: published
Products (47)
nodejs/nodejs 0.8.0
nodejs/nodejs 0.8.1
nodejs/nodejs 0.8.2
nodejs/nodejs 0.8.3
nodejs/nodejs 0.8.4
nodejs/nodejs 0.8.5
nodejs/nodejs 0.8.6
nodejs/nodejs 0.8.7
nodejs/nodejs 0.8.8
nodejs/nodejs 0.8.9
... and 37 more
Published: Oct 21, 2013
Tracked Since: Feb 18, 2026