High severity7.5NVD Advisory· Published Apr 13, 2016· Updated Jun 17, 2026
CVE-2016-2515
CVE-2016-2515
Description
Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper regular expression.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
hawknpm | >= 4.0.0, < 4.1.1 | 4.1.1 |
hawknpm | < 3.1.3 | 3.1.3 |
Affected products
3cpe:2.3:a:hawk_project:hawk:3.1.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hawk_project:hawk:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:hawk_project:hawk:4.1.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
9- github.com/hueniverse/hawk/commit/0833f99ba64558525995a7e21d4093da1f3e15fanvdPatchWEB
- github.com/hueniverse/hawk/issues/168nvdPatchWEB
- github.com/advisories/GHSA-jcpv-g9rr-qxrcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-2515ghsaADVISORY
- www.openwall.com/lists/oss-security/2016/02/20/1nvdWEB
- www.openwall.com/lists/oss-security/2016/02/20/2nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- www.npmjs.com/advisories/77ghsaWEB
- nodesecurity.io/advisories/77nvd
News mentions
0No linked articles in our index yet.