Unsigned Request Headers

Affecting http-signature package, versions <0.10.0 >=0.9.0


Overview

http-signature is a reference implementation of Joyent's HTTP Signature scheme. Affected versions of the package are vulnerable to header forgery because the header names are not included in the signed string, only their values. An attacker could reorder the header list and the header values so that two different requests end up with the same signature.

Remediation

Upgrade http-signature to version 0.10.0 or higher.

References

CVSS Score

6.5
medium severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    Low
  • Integrity
    Low
  • Availability
    None
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Credit: Dave Longley
CVE: CVE-2017-16005
CWE: CWE-74
Snyk ID: npm:http-signature:20130418
Disclosed: 17 Apr, 2013
Published: 13 Feb, 2017