Apparently, a trivial DoS vulnerability for any Node serving HTTP: https://group... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jared314 on Oct 19, 2013 \| parent \| context \| favorite \| on: Node v0.10.21 Stable has critical security fix Apparently, a trivial DoS vulnerability for any Node serving HTTP: https://groups.google.com/forum/#!msg/nodejs/NEbweYB0ei0/gWv... The odd thing about non-disclosure in an open source project is: I can diff the code bases before and after the fix. https://github.com/joyent/node/issues/6214 https://github.com/joyent/node/commit/085dd30e93da67362f044a... And, they have a test script: https://github.com/joyent/node/blob/085dd30e93da67362f044ad1...

jared314 on Oct 19, 2013 [–]

And, now metasploit has two competing modules in the works:

https://github.com/rapid7/metasploit-framework/pull/2548

https://github.com/rapid7/metasploit-framework/pull/2549

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact