CVE-2014-6393 - OpenCVE

The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Openjsf	Express

Configuration 1 [-]

OR	cpe:2.3:a:openjsf:express::::::::
	cpe:2.3:a:openjsf:express:4.0.0:::::::*
	cpe:2.3:a:openjsf:express:4.1.0:::::::*
	cpe:2.3:a:openjsf:express:4.1.1:::::::*
	cpe:2.3:a:openjsf:express:4.1.2:::::::*
	cpe:2.3:a:openjsf:express:4.2.0:::::::*
	cpe:2.3:a:openjsf:express:4.3.0:::::::*
	cpe:2.3:a:openjsf:express:4.3.1:::::::*
	cpe:2.3:a:openjsf:express:4.3.2:::::::*
	cpe:2.3:a:openjsf:express:4.4.0:::::::*
	cpe:2.3:a:openjsf:express:4.4.1:::::::*
	cpe:2.3:a:openjsf:express:4.4.2:::::::*
	cpe:2.3:a:openjsf:express:4.4.3:::::::*
	cpe:2.3:a:openjsf:express:4.4.4:::::::*
	cpe:2.3:a:openjsf:express:4.4.5:::::::*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1203190	Issue Tracking Third Party Advisory VDB Entry
https://nodesecurity.io/advisories/express-no-charset-in-content-type-header	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-09T18:00:00

Updated: 2017-08-09T17:57:01

Reserved: 2014-09-15T00:00:00

Link: CVE-2014-6393

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-08-09T18:29:00.480

Modified: 2021-07-30T16:36:04.447

Link: CVE-2014-6393

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203190"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6393", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header", "refsource": "CONFIRM", "url": "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1203190", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203190"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6393", "datePublished": "2017-08-09T18:00:00", "dateReserved": "2014-09-15T00:00:00", "dateUpdated": "2017-08-09T17:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openjsf:express:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3044B30-C7BD-4472-B79F-1B1CF6678B83", "versionEndIncluding": "3.10.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7048C98D-3862-4067-BBD9-FED2488EAAA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41978223-8371-41B6-A5AA-C270357ECE88", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1DC94FA3-2F6E-4C11-AFF9-EBE99661E3CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3EE054C-7B48-46FC-B048-458A138718A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5CAF101E-20FC-40EC-9566-6274E24D668D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E93C3DE-988C-47D9-84BB-0579D83A05C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E80EDF16-E5CF-4B61-B041-54D2D33B2A13", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "89706C45-EE55-4778-AE2A-53DCFFEC45D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C29C2745-5E28-42EE-AA8D-5EAB394AC813", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "13FFEADC-67C9-4270-B832-696BF41ADE2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "7F8DC1AA-D87C-4DC6-9735-56A78719E96A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B020CA0-739E-4404-A1D1-59B826F3DC3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "080B58C4-1910-43C5-AAF6-2134416E9685", "vulnerable": true}, {"criteria": "cpe:2.3:a:openjsf:express:4.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F71DFB79-FD8C-4470-8B3B-8FA1E4FE2F41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding."}, {"lang": "es", "value": "El framework web Express en versiones anteriores a la 3.11 y en versiones 4.x anteriores a la 4.5 para Node.js no proporciona un campo charset en los encabezados HTTP Content-Type en respuestas de nivel 400. Esto permitir\u00eda que atacantes remotos llevasen a cabo ataques de tipo cross-site scripting (XSS) mediante caracteres en una codificaci\u00f3n no est\u00e1ndar."}], "id": "CVE-2014-6393", "lastModified": "2021-07-30T16:36:04.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-09T18:29:00.480", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203190"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}