Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-3956

EPSS 3.21% · P87
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-3956

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Joyent Node.js npm 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。npm是其中的一个包管理和分发工具。 Joyent Node.js中使用的npm 2.15.1之前版本和3.8.3之前3.x版本中的CLI中存在安全漏洞,该漏洞源于请求中包含发件人令牌。远程攻击者可通过读取Authorization头利用该漏洞获取敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2016-3956

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2016-3956

登录查看更多情报信息。

Same Patch Batch · n/a · 2016-07-02 · 21 CVEs total

CVE-2016-2861IBM WebSphere eXtreme Scale 安全漏洞
CVE-2016-4560Flexera InstallAnywhere 不可信搜索路径漏洞
CVE-2016-2968IBM Security QRadar Incident Forensics 安全漏洞
CVE-2016-2961IBM Integration Bus 安全漏洞
CVE-2016-2883IBM TRIRIGA Application Platform 跨站脚本漏洞
CVE-2016-2882IBM TRIRIGA Application Platform 安全漏洞
CVE-2016-2872IBM QRadar SIEM和Security QRadar Incident Forensics 路径遍历漏洞
CVE-2016-2870IBM WebSphere DataPower XC10 缓冲区溢出漏洞
CVE-2016-2868IBM QRadar SIEM 安全漏洞
CVE-2016-2867IBM InfoSphere Streams和IBM Streams 安全漏洞
CVE-2016-0386IBM TRIRIGA Application Platform 跨站请求伪造漏洞
CVE-2016-1440Cisco Web Security Appliance 拒绝服务漏洞
CVE-2016-1416Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol 安全漏洞
CVE-2016-1408Cisco Prime Infrastructure和Cisco Evolved Programmable Network Manager 安全漏洞
CVE-2016-1289Cisco Prime Infrastructure和Evolved Programmable Network Manager API 安全漏洞
CVE-2016-0400IBM WebSphere eXtreme Scale HTTP响应拆分漏洞
CVE-2016-0399IBM Maximo Asset Management 跨站脚本漏洞
CVE-2016-0398IBM Cognos Analytics 安全漏洞
CVE-2016-0391IBM Watson Developer Cloud 安全漏洞
CVE-2016-0387IBM TRIRIGA Application Platform 跨站脚本漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2016-3956

No comments yet

Leave a comment