CVE-2015-9243
Description
When server-level, connection-level or route-level CORS configurations in the hapi node module before 11.1.4 are combined, a higher-level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`).
Impact
CVSS v3 : 5.9 MEDIUM
CVSS v2 : 4.3 MEDIUM
Type
CWE-254
Attack Vector
CVSSv2 Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N
References
https://github.com/hapijs/hapi/issues/2980
https://nodesecurity.io/advisories/65