CVE-2017-16013
HIGHhapi 15.0.0-16.1.0 - Denial of Service via Malformed Accept-Encoding Header
Title source: llmDescription
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/335
Third Party Advisory x_refsource_misc
https://github.com/hapijs/hapi/issues/3466
Scores
CVSS v3
7.5
EPSS
0.0158
EPSS Percentile
72.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
CWE-400
Status
published
Products (2)
hapijs/hapi
15.0.0 - 16.1.0
npm/hapi
15.0.0 - 16.1.1npm
Published
Jun 04, 2018
Tracked Since
Feb 18, 2026