nodejs node-js CVE-2018-5407 vulnerability in nodejs and Other Products
Published on November 15, 2018

product logo product logo product logo product logo product logo product logo product logo product logo
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2018-5407 has been classified to as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2018-5407

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-5407 are published in these products:

nodejs node.js
 
OpenSSL
 
Oracle Api Gateway
 
Oracle Application Server
 
Oracle Enterprise Manager Base Platform
 
Oracle Enterprise Manager Ops Center
 
Oracle Mysql Enterprise Backup
 
Oracle Peoplesoft Enterprise Peopletools
 
Oracle Primavera P6 Enterprise Project Portfolio Management
 
Oracle Tuxedo
 
Oracle VM VirtualBox
 
Tenable Nessus
 
Canonical Ubuntu Linux
 
Debian Linux
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Server Aus
 
Red Hat Enterprise Linux Server Eus
 
Red Hat Enterprise Linux Server Tus
 
Red Hat Enterprise Linux Workstation
 

Exploit Probability

EPSS
0.64%
Percentile
70.34%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.