{
  "modified": "2025-08-09T19:01:26Z",
  "published": "2012-08-13T23:55:01Z",
  "id": "CVE-2012-2330",
  "details": "The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero-length string.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/49066"
    },
    {
      "type": "ARTICLE",
      "url": "http://blog.nodejs.org/2012/05/04/version-0-6-17-stable/"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/joyent/node/commit/7b3fb22"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/joyent/node/commit/c9a231d"
    },
    {
      "type": "FIX",
      "url": "https://github.com/joyent/node/commit/7b3fb22"
    },
    {
      "type": "FIX",
      "url": "https://github.com/joyent/node/commit/c9a231d"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/08/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/08/8"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K99038439?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    }
  ]
}
