CVE-2019-5739 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-5739 Interim 1 17 2023-04-20T00:07:22Z current 2021-05-30T14:23:14Z 2023-04-20T00:07:22Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-5739 Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2019-March/005212.html E-Mail link for SUSE-SU-2019:0658-1 https://lists.suse.com/pipermail/sle-security-updates/2019-March/005269.html E-Mail link for SUSE-SU-2019:0818-1 https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html E-Mail link for openSUSE-SU-2019:1076-1 https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html E-Mail link for openSUSE-SU-2019:1173-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 4 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 15 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 15 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 15 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 nodejs10 nodejs10-devel nodejs10-docs nodejs12 nodejs12-devel nodejs12-docs nodejs4-4.9.1-15.20.1 nodejs4-devel-4.9.1-15.20.1 nodejs4-docs-4.9.1-15.20.1 nodejs6 nodejs6-6.17.0-11.24.1 nodejs6-devel-6.17.0-11.24.1 nodejs6-docs-6.17.0-11.24.1 nodejs8 nodejs8-devel nodejs8-docs npm10 npm12 npm4-4.9.1-15.20.1 npm6-6.17.0-11.24.1 npm8 nodejs4-4.9.1-15.20.1 as a component of SUSE Enterprise Storage 4 nodejs6-6.17.0-11.24.1 as a component of SUSE Enterprise Storage 4 nodejs4-4.9.1-15.20.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs4-devel-4.9.1-15.20.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs4-docs-4.9.1-15.20.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs6-6.17.0-11.24.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs6-devel-6.17.0-11.24.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs6-docs-6.17.0-11.24.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm4-4.9.1-15.20.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm6-6.17.0-11.24.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs6-6.17.0-11.24.1 as a component of SUSE OpenStack Cloud 7 nodejs6-6.17.0-11.24.1 as a component of SUSE OpenStack Cloud Crowbar 8 nodejs10 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs10-devel as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs10-docs as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm10 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs12 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs12-devel as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs12-docs as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm12 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs8 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs8-devel as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs8-docs as a component of SUSE Linux Enterprise Module for Web and Scripting 15 npm8 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs6 as a component of SUSE OpenStack Cloud Crowbar 9 Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default. CVE-2019-5739 SUSE Enterprise Storage 4:nodejs4-4.9.1-15.20.1 SUSE Enterprise Storage 4:nodejs6-6.17.0-11.24.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.20.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.20.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.20.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.24.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.24.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.24.1 SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.20.1 SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.0-11.24.1 SUSE OpenStack Cloud 7:nodejs6-6.17.0-11.24.1 SUSE OpenStack Cloud Crowbar 8:nodejs6-6.17.0-11.24.1 SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8 SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs SUSE Linux Enterprise Module for Web and Scripting 15:npm8 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs SUSE Linux Enterprise Module for Web and Scripting 12:npm10 SUSE Linux Enterprise Module for Web and Scripting 12:npm12 SUSE OpenStack Cloud Crowbar 9:nodejs6 low