Vulnerability Name:

CVE-2022-35256 (CCN-236964)

Assigned:2022-09-22
Published:2022-09-22
Updated:2023-05-12
Summary:Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-35256

Source: support@hackerone.com
Type: Third Party Advisory
support@hackerone.com

Source: XF
Type: UNKNOWN
nodejs-cve202235256-request-smuggling(236964)

Source: support@hackerone.com
Type: Exploit, Issue Tracking, Third Party Advisory
support@hackerone.com

Source: CCN
Type: Node.js Blog, 2022-09-23
September 22nd 2022 Security Releases

Source: support@hackerone.com
Type: Third Party Advisory
support@hackerone.com

Source: CCN
Type: IBM Security Bulletin 6830297 (Answer Retrieval for Watson Discovery)
Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.8 and earlier

Source: CCN
Type: IBM Security Bulletin 6831337 (Voice Gateway)
Multiple Vulnerabilities in node.js

Source: CCN
Type: IBM Security Bulletin 6831799 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6832402 (Watson Assistant for Cloud Pak for data)
Multiple Vulnerabilities in node.js

Source: CCN
Type: IBM Security Bulletin 6832818 (Event Streams)
Vulnerabilities in Node.js affect IBM Event Streams (CVE-2022-35255 and CVE-2022-35256)

Source: CCN
Type: IBM Security Bulletin 6833498 (Cloud Pak for Integration)
Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to Node.js vulnerabilities (CVE-2022-35256 and CVE-2022-35255)

Source: CCN
Type: IBM Security Bulletin 6833888 (Business Automation Workflow traditional)
Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow

Source: CCN
Type: IBM Security Bulletin 6840919 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Source: CCN
Type: IBM Security Bulletin 6843921 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operands may be vulnerable to CVE-2022-35255 and CVE-2022-35256

Source: CCN
Type: IBM Security Bulletin 6848023 (Planning Analytics Workspace)
IBM Planning Analytics Workspace is affected by vulnerabilties

Source: CCN
Type: IBM Security Bulletin 6848225 (Netcool Operations Insight)
Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6848295 (Cloud Pak for Business Automation)
Security vulnerability is addressed with IBM Cloud Pak for Business Automation iFixes for November 2022

Source: CCN
Type: IBM Security Bulletin 6848587 (DataPower Gateway)
IBM DataPower Gateway vulnerable to HTTP request smuggling (CVE-2022-35256)

Source: CCN
Type: IBM Security Bulletin 6849223 (App Connect Enterprise)
IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to Node.js (CVE-2022-43548 & CVE-2022-35256)

Source: CCN
Type: IBM Security Bulletin 6909419 (Cloud Pak for Multicloud Management Monitoring)
IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple security vulnerabilities due to its use of NodeJS

Source: CCN
Type: IBM Security Bulletin 6986505 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:nodejs:node.js:14.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:enterprise:*:*:*
  • OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:10.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:10.5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:11.0.0.19:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:1253
    P
    		Security update for nodejs18 (Moderate)
    2023-02-15
    oval:com.redhat.rhsa:def:20230321
    P
    		RHSA-2023:0321: nodejs and nodejs-nodemon security, bug fix, and enhancement update (Moderate)
    2023-01-23
    oval:com.redhat.rhsa:def:20227830
    P
    		RHSA-2022:7830: nodejs:14 security update (Moderate)
    2022-11-08
    oval:com.redhat.rhsa:def:20227821
    P
    		RHSA-2022:7821: nodejs:18 security update (Important)
    2022-11-08
    oval:com.redhat.rhsa:def:20226963
    P
    		RHSA-2022:6963: nodejs security update (Important)
    2022-10-18
    oval:com.redhat.rhsa:def:20226964
    P
    		RHSA-2022:6964: nodejs:16 security update (Important)
    2022-10-17
    oval:org.opensuse.security:def:641
    P
    		Security update for nodejs12 (Moderate) (in QA)
    2022-09-30
    oval:org.opensuse.security:def:642
    P
    		Security update for nodejs10 (Moderate) (in QA)
    2022-09-30
    oval:org.opensuse.security:def:636
    P
    		Security update for nodejs16 (Important) (in QA)
    2022-09-29
    oval:org.opensuse.security:def:637
    P
    		Security update for nodejs14 (Moderate) (in QA)
    2022-09-29
    BACK
    nodejs node.js 14.0
    ibm app connect 11.0.0.0
    ibm integration bus 10.0.0.0
    ibm cognos analytics 11.1
    ibm voice gateway 1.0.2
    ibm voice gateway 1.0.3
    ibm cloud transformation advisor 2.0.1
    ibm voice gateway 1.0.2.4
    ibm voice gateway 1.0.4
    ibm voice gateway 1.0.5
    ibm event streams 10.0.0
    ibm voice gateway 1.0.6
    ibm event streams 10.1.0
    ibm datapower gateway 10.0.1.0
    ibm voice gateway 1.0.7
    ibm app connect enterprise 12.0.1.0
    ibm event streams 10.3.0
    ibm event streams 10.3.1
    ibm planning analytics workspace 2.0
    ibm business automation workflow 20.0.0.1
    ibm business automation workflow 20.0.0.2
    ibm business automation workflow 21.0.1
    ibm cloud pak for business automation 18.0.0
    ibm cloud pak for business automation 18.0.2
    ibm cloud pak for business automation 19.0.1
    ibm cloud pak for business automation 19.0.3
    ibm cloud pak for business automation 20.0.1
    ibm cloud pak for business automation 20.0.3
    ibm cloud pak for business automation 21.0.1 -
    ibm cloud pak for business automation 21.0.2 -
    ibm cloud pak for business automation 21.0.3 -
    ibm datapower gateway 10.0.4.0
    ibm app connect enterprise certified container 4.1
    ibm app connect enterprise certified container 4.2
    ibm datapower gateway 10.5.0.0
    ibm business automation workflow 22.0.1
    ibm cloud pak for business automation 22.0.1 -
    ibm app connect enterprise certified container 5.0
    ibm app connect enterprise certified container 5.1
    ibm app connect enterprise certified container 5.2
    ibm app connect enterprise certified container 6.0
    ibm app connect enterprise certified container 6.1
    ibm app connect enterprise 11.0.0.19