CVE-2015-9241
Denial of Service in hapi
EPSS 0.35%
Description
Versions of `hapi` prior to 11.1.3 are affected by a denial of service vulnerability. The vulnerability is triggered when certain input is passed into the If-Modified-Since or Last-Modified headers. This causes an 'illegal access' exception to be raised, and instead of sending an HTTP 500 error back to the sender, hapi continues to hold the socket open until it times out (the default node timeout is 2 minutes).
Recommendation
Update to v11.1.3 or later.
How to fix CVE-2015-9241
To remediate CVE-2015-9241, upgrade the affected package to a fixed version below.
- hapi: upgrade to 11.1.3 or later
Is CVE-2015-9241 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- hapi: from 0, < 11.1.3