Home > Vulnerability Database > CVE-2016-4055

Mend.io Vulnerability Database

CVE-2016-4055

Good to know:

Date: January 23, 2017

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

Language: Java

Severity Score

6.5

Related Resources (19)

Url: https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-4055

Url: https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E

Url: https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E

Url: https://github.com/advisories/GHSA-87vv-r9j6-g5qv

Url: https://github.com/moment/moment

Url: https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E

Url: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Url: http://www.openwall.com/lists/oss-security/2016/04/20/11

Url: https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E

Url: https://nodesecurity.io/advisories/55

Url: https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E

Url: https://github.com/advisories/GHSA-hxf5-mg84-pj4m

Url: https://www.tenable.com/security/tns-2019-02

Url: https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E

Url: http://www.securityfocus.com/bid/95849

Url: https://www.npmjs.com/advisories/55

Url: https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E

Url: https://www.mend.io/vulnerability-database/CVE-2016-4055

Severity Score

6.5

Weakness Type (CWE)

Resource Management Errors

CWE-399

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version moment - 2.11.2

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-4055

Good to know:

Date: January 23, 2017

Language: Java

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?