All the vulnerabilites related to F5 - NGINX
var-201707-1309
Vulnerability from variot
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to obtain sensitive information or may crash the application resulting in a denial-of-service condition. nginx 0.5.6 through 1.13.2 are vulnerable. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of the range filter modules.
For the oldstable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u5.
For the stable distribution (stretch), this problem has been fixed in version 1.10.3-1+deb9u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your nginx packages.
Ubuntu Security Notice USN-3352-1 July 13, 2017
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
nginx could be made to expose sensitive information over the network. A remote attacker could use this to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: nginx-common 1.10.3-1ubuntu3.1 nginx-core 1.10.3-1ubuntu3.1 nginx-extras 1.10.3-1ubuntu3.1 nginx-full 1.10.3-1ubuntu3.1 nginx-light 1.10.3-1ubuntu3.1
Ubuntu 16.10: nginx-common 1.10.1-0ubuntu1.3 nginx-core 1.10.1-0ubuntu1.3 nginx-extras 1.10.1-0ubuntu1.3 nginx-full 1.10.1-0ubuntu1.3 nginx-light 1.10.1-0ubuntu1.3
Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.2 nginx-core 1.10.3-0ubuntu0.16.04.2 nginx-extras 1.10.3-0ubuntu0.16.04.2 nginx-full 1.10.3-0ubuntu0.16.04.2 nginx-light 1.10.3-0ubuntu0.16.04.2
Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.8 nginx-core 1.4.6-1ubuntu3.8 nginx-extras 1.4.6-1ubuntu3.8 nginx-full 1.4.6-1ubuntu3.8 nginx-light 1.4.6-1ubuntu3.8
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: rh-nginx110-nginx security update Advisory ID: RHSA-2017:2538-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:2538 Issue date: 2017-08-28 CVE Names: CVE-2017-7529 =====================================================================
- Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)
Red Hat would like to thank the Nginx project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-7529 https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT Rf+yBkpEe91OHNNto3rboqM= =rlDh -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1309", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.12.1" }, { "model": "enterprise", "scope": "lte", "trust": 1.0, "vendor": "puppet", "version": "2017.1.1" }, { "model": "enterprise", "scope": "lte", "trust": 1.0, "vendor": "puppet", "version": "2017.2.3" }, { "model": "enterprise", "scope": "gte", "trust": 1.0, "vendor": "puppet", "version": "2017.1.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.13.2" }, { "model": "enterprise", "scope": "gte", "trust": 1.0, "vendor": "puppet", "version": "2017.2.1" }, { "model": "enterprise", "scope": "lt", "trust": 1.0, "vendor": "puppet", "version": "2016.4.7" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.13.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.11.12" }, { "model": "nginx", "scope": null, "trust": 0.8, "vendor": "igor sysoev", "version": null }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.10" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.13.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.13" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.13.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.8" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.13.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.11" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.9.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.8.55" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.8.36" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.7.69" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.6.39" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.6.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.0" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.13.3" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.12.1" } ], "sources": [ { "db": "BID", "id": "99534" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.12.1", "versionStartIncluding": "0.5.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.13.2", "versionStartIncluding": "1.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2017.1.1", "versionStartIncluding": "2017.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2017.2.3", "versionStartIncluding": "2017.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2016.4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-7529" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "99534" } ], "trust": 0.3 }, "cve": "CVE-2017-7529", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2017-7529", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-115732", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-7529", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-7529", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201707-563", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-115732", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-7529", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-115732" }, { "db": "VULMON", "id": "CVE-2017-7529" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to obtain sensitive information or may crash the application resulting in a denial-of-service condition. \nnginx 0.5.6 through 1.13.2 are vulnerable. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of the range filter modules. \n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.6.2-5+deb8u5. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.10.3-1+deb9u1. \n\nFor the unstable distribution (sid), this problem will be fixed soon. \n\nWe recommend that you upgrade your nginx packages. \n==========================================================================\nUbuntu Security Notice USN-3352-1\nJuly 13, 2017\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to expose sensitive information over the network. A remote attacker could use this to expose\nsensitive information. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n nginx-common 1.10.3-1ubuntu3.1\n nginx-core 1.10.3-1ubuntu3.1\n nginx-extras 1.10.3-1ubuntu3.1\n nginx-full 1.10.3-1ubuntu3.1\n nginx-light 1.10.3-1ubuntu3.1\n\nUbuntu 16.10:\n nginx-common 1.10.1-0ubuntu1.3\n nginx-core 1.10.1-0ubuntu1.3\n nginx-extras 1.10.1-0ubuntu1.3\n nginx-full 1.10.1-0ubuntu1.3\n nginx-light 1.10.1-0ubuntu1.3\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.2\n nginx-core 1.10.3-0ubuntu0.16.04.2\n nginx-extras 1.10.3-0ubuntu0.16.04.2\n nginx-full 1.10.3-0ubuntu0.16.04.2\n nginx-light 1.10.3-0ubuntu0.16.04.2\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.8\n nginx-core 1.4.6-1ubuntu3.8\n nginx-extras 1.4.6-1ubuntu3.8\n nginx-full 1.4.6-1ubuntu3.8\n nginx-light 1.4.6-1ubuntu3.8\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2017:2538-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2538\nIssue date: 2017-08-28\nCVE Names: CVE-2017-7529 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and\nIMAP protocols, with a strong focus on high concurrency, performance and\nlow memory usage. A remote attacker could possibly\nexploit this flaw to disclose parts of the cache file header, or, if used\nin combination with third party modules, disclose potentially sensitive\nmemory by sending specially crafted HTTP requests. (CVE-2017-7529)\n\nRed Hat would like to thank the Nginx project for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-7529\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT\nRf+yBkpEe91OHNNto3rboqM=\n=rlDh\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "BID", "id": "99534" }, { "db": "VULHUB", "id": "VHN-115732" }, { "db": "VULMON", "id": "CVE-2017-7529" }, { "db": "PACKETSTORM", "id": "143348" }, { "db": "PACKETSTORM", "id": "143347" }, { "db": "PACKETSTORM", "id": "143935" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.43 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-115732", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-115732" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-7529", "trust": 3.3 }, { "db": "BID", "id": "99534", "trust": 2.0 }, { "db": "SECTRACK", "id": "1039238", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2017-006088", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201707-563", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1701", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "143935", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "143348", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "143347", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-96273", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-115732", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-7529", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-115732" }, { "db": "VULMON", "id": "CVE-2017-7529" }, { "db": "BID", "id": "99534" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "PACKETSTORM", "id": "143348" }, { "db": "PACKETSTORM", "id": "143347" }, { "db": "PACKETSTORM", "id": "143935" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "id": "VAR-201707-1309", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-115732" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:53:03.181000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2017-7529", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "title": "Nginx range filter Fixes for module digital error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=71698" }, { "title": "Ubuntu Security Notice: nginx vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3352-1" }, { "title": "Debian Security Advisories: DSA-3908-1 nginx -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=704f48ff7bd09792912d23527ab54543" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2017-7529 Integer overflow in the range filter", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a0f173670cb05b0faed5127f8a0445b1" }, { "title": "Amazon Linux AMI: ALAS-2017-894", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-894" }, { "title": "Red Hat: CVE-2017-7529", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-7529" }, { "title": "Arch Linux Advisories: [ASA-201707-12] nginx-mainline: information disclosure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201707-12" }, { "title": "Arch Linux Advisories: [ASA-201707-11] nginx: information disclosure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201707-11" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-7529" }, { "title": "nginxpwner", "trust": 0.1, "url": "https://github.com/stark0de/nginxpwner " }, { "title": "cve-2017-7529", "trust": 0.1, "url": "https://github.com/cved-sources/cve-2017-7529 " }, { "title": "nginx-CVE-2017-7529", "trust": 0.1, "url": "https://github.com/cyberharsh/nginx-cve-2017-7529 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-7529" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-115732" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "NVD", "id": "CVE-2017-7529" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:2538" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/99534" }, { "trust": 1.7, "url": "https://puppet.com/security/cve/cve-2017-7529" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1039238" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7529" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1701/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://nginx.org/#2017-07-11" }, { "trust": 0.3, "url": "http://nginx.org/en/security_advisories.html" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3352-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-1ubuntu3.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.8" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.3" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7529" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" } ], "sources": [ { "db": "VULHUB", "id": "VHN-115732" }, { "db": "BID", "id": "99534" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "PACKETSTORM", "id": "143348" }, { "db": "PACKETSTORM", "id": "143347" }, { "db": "PACKETSTORM", "id": "143935" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-115732" }, { "db": "VULMON", "id": "CVE-2017-7529" }, { "db": "BID", "id": "99534" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "PACKETSTORM", "id": "143348" }, { "db": "PACKETSTORM", "id": "143347" }, { "db": "PACKETSTORM", "id": "143935" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-13T00:00:00", "db": "VULHUB", "id": "VHN-115732" }, { "date": "2017-07-13T00:00:00", "db": "VULMON", "id": "CVE-2017-7529" }, { "date": "2017-07-11T00:00:00", "db": "BID", "id": "99534" }, { "date": "2017-08-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "date": "2017-07-14T02:16:01", "db": "PACKETSTORM", "id": "143348" }, { "date": "2017-07-14T02:15:51", "db": "PACKETSTORM", "id": "143347" }, { "date": "2017-08-28T21:24:00", "db": "PACKETSTORM", "id": "143935" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2017-07-13T13:29:00.220000", "db": "NVD", "id": "CVE-2017-7529" }, { "date": "2017-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-115732" }, { "date": "2022-01-24T00:00:00", "db": "VULMON", "id": "CVE-2017-7529" }, { "date": "2017-07-11T00:00:00", "db": "BID", "id": "99534" }, { "date": "2017-08-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "date": "2022-01-24T16:46:04.030000", "db": "NVD", "id": "CVE-2017-7529" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "143347" }, { "db": "PACKETSTORM", "id": "143935" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nginx of range filter Module integer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-006088" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-563" } ], "trust": 0.6 } }
var-200911-0310
Vulnerability from variot
src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. The 'nginx' program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.14 >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Gentoo update for nginx
SECUNIA ADVISORY ID: SA48577
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48577/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
RELEASE DATE: 2012-03-28
DISCUSS ADVISORY: http://secunia.com/advisories/48577/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48577/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Gentoo has issued an update for nginx. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system.
For more information: SA36751 SA36818 SA37291 SA46798 SA48366
SOLUTION: Update to "www-servers/nginx-1.0.14" or later.
ORIGINAL ADVISORY: GLSA 201203-22: http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0310", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.49" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.47" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.59" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.50" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.51" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.61" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.48" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.57" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.46" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.54" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.61" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.46" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.55" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.56" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.50" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.60" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.54" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.57" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.53" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.51" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.56" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.49" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.47" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.55" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.52" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.48" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.53" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.59" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.52" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "nginx", "version": "0.6.1516" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.60" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.58" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.58" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.35" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.14" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.1.0 to 0.4.14" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.6.x" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7.x" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.6.39" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.5.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.5.38" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7.62" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.49" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.48" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.46" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.47" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.50" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.11" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.38" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.5.37" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.5" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.4.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.4.13" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.4" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" } ], "sources": [ { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nginx:nginx:0.6.1516:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-3896" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jasson Bell", "sources": [ { "db": "BID", "id": "36839" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ], "trust": 0.9 }, "cve": "CVE-2009-3896", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-3896", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-41342", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-3896", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200911-243", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-41342", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. The \u0027nginx\u0027 program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* nginx does not properly sanitize user input for the the WebDAV COPY\n or MOVE methods (CVE-2009-3898). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the nginx process, cause a Denial of Service condition,\ncreate or overwrite arbitrary files, or obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nGentoo update for nginx\n\nSECUNIA ADVISORY ID:\nSA48577\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48577/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nRELEASE DATE:\n2012-03-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48577/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48577/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nGentoo has issued an update for nginx. This fixes a weakness, a\nsecurity issue, and multiple vulnerabilities, which can be exploited\nby malicious people to disclose certain sensitive information, bypass\ncertain security restrictions, cause a DoS (Denial of Service),\nmanipulate certain data, and potentially compromise a vulnerable\nsystem. \n\nFor more information:\nSA36751\nSA36818\nSA37291\nSA46798\nSA48366\n\nSOLUTION:\nUpdate to \"www-servers/nginx-1.0.14\" or later. \n\nORIGINAL ADVISORY:\nGLSA 201203-22:\nhttp://www.gentoo.org/security/en/glsa/glsa-201203-22.xml\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "BID", "id": "36839" }, { "db": "VULHUB", "id": "VHN-41342" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-3896", "trust": 2.9 }, { "db": "BID", "id": "36839", "trust": 2.0 }, { "db": "SECUNIA", "id": "48577", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/20/1", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/20/6", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/23/10", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2009-005107", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200911-243", "trust": 0.7 }, { "db": "SEEBUG", "id": "SSVID-87573", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-41342", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111273", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111263", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "id": "VAR-200911-0310", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-41342" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:54:43.254000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005107" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "NVD", "id": "CVE-2009-3896" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/36839" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48577" }, { "trust": 1.7, "url": "http://www.debian.org/security/2009/dsa-1920" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/20/6" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "trust": 1.7, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz" }, { "trust": 1.7, "url": "http://sysoev.ru/nginx/patch.null.pointer.txt" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565" }, { "trust": 1.6, "url": "http://marc.info/?l=nginx\u0026m=125692080328141\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3896" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3896" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.1, "url": "http://marc.info/?l=nginx\u0026amp;m=125692080328141\u0026amp;w=2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-11-24T00:00:00", "db": "VULHUB", "id": "VHN-41342" }, { "date": "2009-10-27T00:00:00", "db": "BID", "id": "36839" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "date": "2012-03-29T02:37:12", "db": "PACKETSTORM", "id": "111273" }, { "date": "2012-03-28T06:36:19", "db": "PACKETSTORM", "id": "111263" }, { "date": "2009-11-24T17:30:00.377000", "db": "NVD", "id": "CVE-2009-3896" }, { "date": "2009-10-27T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-41342" }, { "date": "2015-04-13T20:25:00", "db": "BID", "id": "36839" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "date": "2021-11-10T15:52:55.747000", "db": "NVD", "id": "CVE-2009-3896" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200911-243" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of src/http/ngx_http_parse.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005107" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200911-243" } ], "trust": 0.6 } }
var-201204-0227
Vulnerability from variot
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. nginx is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. nginx versions 1.1.3 through 1.1.18 and 1.0.7 through 1.0.14 are vulnerable; other versions may also be affected. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. Failure to do so will result in a denial of service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-07
http://security.gentoo.org/
Severity: Normal Title: nginx: User-assisted execution of arbitrary code Date: June 21, 2012 Bugs: #411751 ID: 201206-07
Synopsis
A buffer overflow vulnerability in nginx could result in the execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.15 >= 1.0.15
Description
An error in ngx_http_mp4_module.c could cause a buffer overflow.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.15"
References
[ 1 ] CVE-2012-2089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2089
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-07.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0227", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "17" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "16" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.1.18" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.0.14" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.1.3" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "15" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.0.7" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.0.7 to 1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.1.3 to 1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.10" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.1.17" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.9" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.8" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "1.1.19" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "1.0.15" } ], "sources": [ { "db": "BID", "id": "52999" }, { "db": "JVNDB", "id": "JVNDB-2012-002087" }, { "db": "NVD", "id": "CVE-2012-2089" }, { "db": "CNNVD", "id": "CNNVD-201204-276" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.14", "versionStartIncluding": "1.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.1.18", "versionStartIncluding": "1.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2012-2089" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Matthew Daley", "sources": [ { "db": "BID", "id": "52999" }, { "db": "CNNVD", "id": "CNNVD-201204-276" } ], "trust": 0.9 }, "cve": "CVE-2012-2089", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2012-2089", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-55370", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2012-2089", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201204-276", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-55370", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-55370" }, { "db": "JVNDB", "id": "JVNDB-2012-002087" }, { "db": "NVD", "id": "CVE-2012-2089" }, { "db": "CNNVD", "id": "CNNVD-201204-276" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. nginx is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. \nnginx versions 1.1.3 through 1.1.18 and 1.0.7 through 1.0.14 are vulnerable; other versions may also be affected. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. Failure to do so will result in a denial of service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-07\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: User-assisted execution of arbitrary code\n Date: June 21, 2012\n Bugs: #411751\n ID: 201206-07\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA buffer overflow vulnerability in nginx could result in the execution\nof arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.15 \u003e= 1.0.15\n\nDescription\n===========\n\nAn error in ngx_http_mp4_module.c could cause a buffer overflow. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.15\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-2089\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2089\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-07.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-2089" }, { "db": "JVNDB", "id": "JVNDB-2012-002087" }, { "db": "BID", "id": "52999" }, { "db": "VULHUB", "id": "VHN-55370" }, { "db": "PACKETSTORM", "id": "114012" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-2089", "trust": 2.9 }, { "db": "BID", "id": "52999", "trust": 2.0 }, { "db": "SECTRACK", "id": "1026924", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2012/04/12/9", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2012-002087", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201204-276", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "114012", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-55370", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-55370" }, { "db": "BID", "id": "52999" }, { "db": "JVNDB", "id": "JVNDB-2012-002087" }, { "db": "PACKETSTORM", "id": "114012" }, { "db": "NVD", "id": "CVE-2012-2089" }, { "db": "CNNVD", "id": "CNNVD-201204-276" } ] }, "id": "VAR-201204-0227", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-55370" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:40:07.914000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "nginx security advisories", "trust": 0.8, "url": "http://nginx.org/en/security_advisories.html" }, { "title": "nginx-1.0.15", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42976" }, { "title": "nginx-1.1.19", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42979" }, { "title": "nginx-1.1.19", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42978" }, { "title": "nginx-1.0.15", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42977" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002087" }, { "db": "CNNVD", "id": "CNNVD-201204-276" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-55370" }, { "db": "JVNDB", "id": "JVNDB-2012-002087" }, { "db": "NVD", "id": "CVE-2012-2089" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://nginx.org/en/security_advisories.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1026924" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/52999" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/079388.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-may/079474.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-may/079467.html" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2012/04/12/9" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74831" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2089" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2089" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2089" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201206-07.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." } ], "sources": [ { "db": "VULHUB", "id": "VHN-55370" }, { "db": "BID", "id": "52999" }, { "db": "JVNDB", "id": "JVNDB-2012-002087" }, { "db": "PACKETSTORM", "id": "114012" }, { "db": "NVD", "id": "CVE-2012-2089" }, { "db": "CNNVD", "id": "CNNVD-201204-276" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-55370" }, { "db": "BID", "id": "52999" }, { "db": "JVNDB", "id": "JVNDB-2012-002087" }, { "db": "PACKETSTORM", "id": "114012" }, { "db": "NVD", "id": "CVE-2012-2089" }, { "db": "CNNVD", "id": "CNNVD-201204-276" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-04-17T00:00:00", "db": "VULHUB", "id": "VHN-55370" }, { "date": "2012-04-12T00:00:00", "db": "BID", "id": "52999" }, { "date": "2012-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002087" }, { "date": "2012-06-21T15:33:40", "db": "PACKETSTORM", "id": "114012" }, { "date": "2012-04-17T21:55:01.353000", "db": "NVD", "id": "CVE-2012-2089" }, { "date": "2012-04-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-276" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-55370" }, { "date": "2015-04-13T21:21:00", "db": "BID", "id": "52999" }, { "date": "2012-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002087" }, { "date": "2021-11-10T15:57:01.200000", "db": "NVD", "id": "CVE-2012-2089" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-276" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201204-276" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of ngx_http_mp4_module.c Vulnerable to buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002087" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201204-276" } ], "trust": 0.6 } }
var-202210-1347
Vulnerability from variot
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. F5 BIG-IP and so on are all products of F5 Company in the United States. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. F5 F5OS-A is an operating system software. F5 BIG-IP, BIG-IQ, F5OS-A, and F5OS-C have buffer error vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5281-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2022 https://www.debian.org/security/faq
Package : nginx CVE ID : CVE-2022-41741 CVE-2022-41742
It was discovered that parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, could result in denial of service, memory disclosure or potentially the execution of arbitrary code when processing a malformed mp4 file.
This module is only enabled in the nginx-extras binary package.
For the stable distribution (bullseye), these problems have been fixed in version 1.18.0-6.1+deb11u3.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNz9JcACgkQEMKTtsN8 Tjb4tg/7BRkAkF48UvvRjLolxVVuV1paSTRG8ArEeW3fHyA0fxs2UMuRL4ic1vqc i3wxAAfHvYoOnk+QBY20Ly2MN7S7OukNovKE9AZCPulyYkVjtIWNSBeY0PzCU60y RP/KCZAGoGEYi6s4SUrK194ved+7jIcybgLvvGA8FRKW3wTRvzRGMfR6NTLuP7B3 th0C5+KkapE8G5XlHWOIjv1h3Ok40cua7LtYx9RTITJ+wClvkJ6gPcCXXj/CnWWa PUvuEBwyr0PEBXfL9v1P8Eq1MmN+mWU9KeLYxIC+vcJxtpsYL67tMHIGTlDUgDVE FrXrDXi7XP/6hjl7t/J/cTPEwy/twX0emUQcUDlRNlOxh3skSmdPJP7DMu+t9UtQ suepgZ+oHfHh3gs9EWz2zRqbsVO03NjhKo9ebIjhe3H0P39cX3NN5qlSJeNTY45k VBDecnPQnhYqYuzqwXy5ZoUQDcU0Bo7zaUzeYhUsfXqrROV/tj+UTMrM2anHdQ4B kAOrCBpmGP1lLvDs2PzBcWmBtII/5VTKZep05xH0L+dZWDV07j1ekCzv3/kuKiMl GTJQ7yl3fgKjLdkjMFKQIfsm3xdYwzxjOmtEY86tUV0LjtdR2GlJtF4YdIQhA4b1 /R82ZisLfmZ4ElL+ua8iypLOe9reyO4EpVVDkeewFS64Ye1Wn3k=3mDY -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-5722-1 November 15, 2022
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in nginx.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled certain memory operations in the ngx_http_mp4_module module. (CVE-2022-41741, CVE-2022-41742)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: nginx 1.22.0-1ubuntu1.1 nginx-common 1.22.0-1ubuntu1.1 nginx-core 1.22.0-1ubuntu1.1 nginx-extras 1.22.0-1ubuntu1.1 nginx-full 1.22.0-1ubuntu1.1 nginx-light 1.22.0-1ubuntu1.1
Ubuntu 22.04 LTS: nginx 1.18.0-6ubuntu14.3 nginx-common 1.18.0-6ubuntu14.3 nginx-core 1.18.0-6ubuntu14.3 nginx-extras 1.18.0-6ubuntu14.3 nginx-full 1.18.0-6ubuntu14.3 nginx-light 1.18.0-6ubuntu14.3
Ubuntu 20.04 LTS: nginx 1.18.0-0ubuntu1.4 nginx-common 1.18.0-0ubuntu1.4 nginx-core 1.18.0-0ubuntu1.4 nginx-extras 1.18.0-0ubuntu1.4 nginx-full 1.18.0-0ubuntu1.4 nginx-light 1.18.0-0ubuntu1.4
Ubuntu 18.04 LTS: nginx 1.14.0-0ubuntu1.11 nginx-common 1.14.0-0ubuntu1.11 nginx-core 1.14.0-0ubuntu1.11 nginx-extras 1.14.0-0ubuntu1.11 nginx-full 1.14.0-0ubuntu1.11 nginx-light 1.14.0-0ubuntu1.11
Ubuntu 16.04 ESM: nginx 1.10.3-0ubuntu0.16.04.5+esm5 nginx-common 1.10.3-0ubuntu0.16.04.5+esm5 nginx-core 1.10.3-0ubuntu0.16.04.5+esm5 nginx-extras 1.10.3-0ubuntu0.16.04.5+esm5 nginx-full 1.10.3-0ubuntu0.16.04.5+esm5 nginx-light 1.10.3-0ubuntu0.16.04.5+esm5
Ubuntu 14.04 ESM: nginx 1.4.6-1ubuntu3.9+esm4 nginx-common 1.4.6-1ubuntu3.9+esm4 nginx-core 1.4.6-1ubuntu3.9+esm4 nginx-extras 1.4.6-1ubuntu3.9+esm4 nginx-full 1.4.6-1ubuntu3.9+esm4 nginx-light 1.4.6-1ubuntu3.9+esm4
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5722-1 CVE-2022-41741, CVE-2022-41742
Package Information: https://launchpad.net/ubuntu/+source/nginx/1.22.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.3 https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.4 https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.11
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1347", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx ingress controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.12.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "r1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.23.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "r2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.22.0" }, { "model": "nginx ingress controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "2.4.0" }, { "model": "nginx ingress controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "37" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "36" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "r27" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "r22" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.1.3" }, { "model": "nginx ingress controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "2.0.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.23.1" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41741" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.0", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.12.4", "versionStartIncluding": "1.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:plus:*:*:*", "cpe_name": [], "versionEndIncluding": "r27", "versionStartIncluding": "r22", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.23.1:*:*:*:open_source:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.23.0:*:*:*:open_source:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:open_source:*:*:*", "cpe_name": [], "versionEndIncluding": "1.22.0", "versionStartIncluding": "1.1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:r2:*:*:*:open_source_subscription:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:r1:*:*:*:open_source_subscription:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41741" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Debian", "sources": [ { "db": "PACKETSTORM", "id": "169909" } ], "trust": 0.1 }, "cve": "CVE-2022-41741", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "f5sirt@f5.com", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.0, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-41741", "trust": 1.0, "value": "HIGH" }, { "author": "f5sirt@f5.com", "id": "CVE-2022-41741", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202210-1419", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41741" }, { "db": "NVD", "id": "CVE-2022-41741" }, { "db": "CNNVD", "id": "CNNVD-202210-1419" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. F5 BIG-IP and so on are all products of F5 Company in the United States. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. F5 F5OS-A is an operating system software. F5 BIG-IP, BIG-IQ, F5OS-A, and F5OS-C have buffer error vulnerabilities. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5281-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 15, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nCVE ID : CVE-2022-41741 CVE-2022-41742\n\nIt was discovered that parsing errors in the mp4 module of Nginx, a\nhigh-performance web and reverse proxy server, could result in denial\nof service, memory disclosure or potentially the execution of arbitrary\ncode when processing a malformed mp4 file. \n\nThis module is only enabled in the nginx-extras binary package. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.18.0-6.1+deb11u3. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNz9JcACgkQEMKTtsN8\nTjb4tg/7BRkAkF48UvvRjLolxVVuV1paSTRG8ArEeW3fHyA0fxs2UMuRL4ic1vqc\ni3wxAAfHvYoOnk+QBY20Ly2MN7S7OukNovKE9AZCPulyYkVjtIWNSBeY0PzCU60y\nRP/KCZAGoGEYi6s4SUrK194ved+7jIcybgLvvGA8FRKW3wTRvzRGMfR6NTLuP7B3\nth0C5+KkapE8G5XlHWOIjv1h3Ok40cua7LtYx9RTITJ+wClvkJ6gPcCXXj/CnWWa\nPUvuEBwyr0PEBXfL9v1P8Eq1MmN+mWU9KeLYxIC+vcJxtpsYL67tMHIGTlDUgDVE\nFrXrDXi7XP/6hjl7t/J/cTPEwy/twX0emUQcUDlRNlOxh3skSmdPJP7DMu+t9UtQ\nsuepgZ+oHfHh3gs9EWz2zRqbsVO03NjhKo9ebIjhe3H0P39cX3NN5qlSJeNTY45k\nVBDecnPQnhYqYuzqwXy5ZoUQDcU0Bo7zaUzeYhUsfXqrROV/tj+UTMrM2anHdQ4B\nkAOrCBpmGP1lLvDs2PzBcWmBtII/5VTKZep05xH0L+dZWDV07j1ekCzv3/kuKiMl\nGTJQ7yl3fgKjLdkjMFKQIfsm3xdYwzxjOmtEY86tUV0LjtdR2GlJtF4YdIQhA4b1\n/R82ZisLfmZ4ElL+ua8iypLOe9reyO4EpVVDkeewFS64Ye1Wn3k=3mDY\n-----END PGP SIGNATURE-----\n. =========================================================================\nUbuntu Security Notice USN-5722-1\nNovember 15, 2022\n\nnginx vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled certain memory operations in\nthe ngx_http_mp4_module module. (CVE-2022-41741, CVE-2022-41742)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n nginx 1.22.0-1ubuntu1.1\n nginx-common 1.22.0-1ubuntu1.1\n nginx-core 1.22.0-1ubuntu1.1\n nginx-extras 1.22.0-1ubuntu1.1\n nginx-full 1.22.0-1ubuntu1.1\n nginx-light 1.22.0-1ubuntu1.1\n\nUbuntu 22.04 LTS:\n nginx 1.18.0-6ubuntu14.3\n nginx-common 1.18.0-6ubuntu14.3\n nginx-core 1.18.0-6ubuntu14.3\n nginx-extras 1.18.0-6ubuntu14.3\n nginx-full 1.18.0-6ubuntu14.3\n nginx-light 1.18.0-6ubuntu14.3\n\nUbuntu 20.04 LTS:\n nginx 1.18.0-0ubuntu1.4\n nginx-common 1.18.0-0ubuntu1.4\n nginx-core 1.18.0-0ubuntu1.4\n nginx-extras 1.18.0-0ubuntu1.4\n nginx-full 1.18.0-0ubuntu1.4\n nginx-light 1.18.0-0ubuntu1.4\n\nUbuntu 18.04 LTS:\n nginx 1.14.0-0ubuntu1.11\n nginx-common 1.14.0-0ubuntu1.11\n nginx-core 1.14.0-0ubuntu1.11\n nginx-extras 1.14.0-0ubuntu1.11\n nginx-full 1.14.0-0ubuntu1.11\n nginx-light 1.14.0-0ubuntu1.11\n\nUbuntu 16.04 ESM:\n nginx 1.10.3-0ubuntu0.16.04.5+esm5\n nginx-common 1.10.3-0ubuntu0.16.04.5+esm5\n nginx-core 1.10.3-0ubuntu0.16.04.5+esm5\n nginx-extras 1.10.3-0ubuntu0.16.04.5+esm5\n nginx-full 1.10.3-0ubuntu0.16.04.5+esm5\n nginx-light 1.10.3-0ubuntu0.16.04.5+esm5\n\nUbuntu 14.04 ESM:\n nginx 1.4.6-1ubuntu3.9+esm4\n nginx-common 1.4.6-1ubuntu3.9+esm4\n nginx-core 1.4.6-1ubuntu3.9+esm4\n nginx-extras 1.4.6-1ubuntu3.9+esm4\n nginx-full 1.4.6-1ubuntu3.9+esm4\n nginx-light 1.4.6-1ubuntu3.9+esm4\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5722-1\n CVE-2022-41741, CVE-2022-41742\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/nginx/1.22.0-1ubuntu1.1\n https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.3\n https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.4\n https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.11\n", "sources": [ { "db": "NVD", "id": "CVE-2022-41741" }, { "db": "VULHUB", "id": "VHN-429567" }, { "db": "PACKETSTORM", "id": "169909" }, { "db": "PACKETSTORM", "id": "169833" } ], "trust": 1.17 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41741", "trust": 1.9 }, { "db": "PACKETSTORM", "id": "169909", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "169833", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202210-1419", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.5236", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.6109", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5959", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-429567", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-429567" }, { "db": "PACKETSTORM", "id": "169909" }, { "db": "PACKETSTORM", "id": "169833" }, { "db": "NVD", "id": "CVE-2022-41741" }, { "db": "CNNVD", "id": "CNNVD-202210-1419" } ] }, "id": "VAR-202210-1347", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-429567" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:54:59.381000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "F5 Nginx Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=237454" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-1419" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-429567" }, { "db": "NVD", "id": "CVE-2022-41741" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20230120-0005/" }, { "trust": 1.7, "url": "https://www.debian.org/security/2022/dsa-5281" }, { "trust": 1.7, "url": "https://support.f5.com/csp/article/k81926432" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bprvya4fs34vwb4fefynad7z2lfcjvei/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fd6m3pvvko35wlaa7gldbs6teq26sm64/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wborrvg7vvxyoaiad64zhes2u2viukfq/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wborrvg7vvxyoaiad64zhes2u2viukfq/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fd6m3pvvko35wlaa7gldbs6teq26sm64/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bprvya4fs34vwb4fefynad7z2lfcjvei/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/169833/ubuntu-security-notice-usn-5722-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5959" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41741/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/169909/debian-security-advisory-5281-1.html" }, { "trust": 0.6, "url": "http-mp4-module-39638" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/nginx-two-vulnerabilities-via-ngx-" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5236" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6109" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41741" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41742" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5722-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.11" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.22.0-1ubuntu1.1" } ], "sources": [ { "db": "VULHUB", "id": "VHN-429567" }, { "db": "PACKETSTORM", "id": "169909" }, { "db": "PACKETSTORM", "id": "169833" }, { "db": "NVD", "id": "CVE-2022-41741" }, { "db": "CNNVD", "id": "CNNVD-202210-1419" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-429567" }, { "db": "PACKETSTORM", "id": "169909" }, { "db": "PACKETSTORM", "id": "169833" }, { "db": "NVD", "id": "CVE-2022-41741" }, { "db": "CNNVD", "id": "CNNVD-202210-1419" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-19T00:00:00", "db": "VULHUB", "id": "VHN-429567" }, { "date": "2022-11-16T16:11:49", "db": "PACKETSTORM", "id": "169909" }, { "date": "2022-11-15T16:38:50", "db": "PACKETSTORM", "id": "169833" }, { "date": "2022-10-19T22:15:12.647000", "db": "NVD", "id": "CVE-2022-41741" }, { "date": "2022-10-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-1419" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-20T00:00:00", "db": "VULHUB", "id": "VHN-429567" }, { "date": "2023-11-07T03:52:58.060000", "db": "NVD", "id": "CVE-2022-41741" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-1419" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "PACKETSTORM", "id": "169833" }, { "db": "CNNVD", "id": "CNNVD-202210-1419" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "F5 Nginx Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-1419" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-1419" } ], "trust": 0.6 } }
var-200909-0576
Vulnerability from variot
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The 'nginx' program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 0.7.62 >= 0.5.38 >= 0.6.39 >= 0.7.62
Description
Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. NOTE: By default, nginx runs as the "nginx" user.
Workaround
There is no known workaround at this time.
Resolution
All nginx 0.5.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38
All nginx 0.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39
All nginx 0.7.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62
References
[ 1 ] CVE-2009-2629 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200909-18.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-1884-1 security@debian.org http://www.debian.org/security/ Nico Golde September 14th, 2009 http://www.debian.org/security/faq
Package : nginx Vulnerability : buffer underflow Problem type : remote Debian-specific: no CVE ID : CVE-2009-2629
Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests.
For the oldstable distribution (etch), this problem has been fixed in version 0.4.13-2+etch2.
For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 0.7.61-3.
We recommend that you upgrade your nginx packages.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Debian (oldstable)
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb Size/MD5 checksum: 185032 15212749985501b223af7888447fc433
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
iEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl pZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH =Xrul -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200909-0576", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.3, "vendor": "debian", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "12" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.8.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "4.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "11" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "10" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.5.38" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.7.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.7.62" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.1.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.6.39" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.8.15" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.6.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nginx", "version": null }, { "model": "nginx", "scope": "lte", "trust": 0.8, "vendor": "igor sysoev", "version": "0.1.0 from 0.5.37" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.6.39 earlier" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7.62 earlier" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.15 earlier" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.10" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.38" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.5.37" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.8.15" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.7.62" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.6.39" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.5.38" } ], "sources": [ { "db": "CERT/CC", "id": "VU#180065" }, { "db": "BID", "id": "36384" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "NVD", "id": "CVE-2009-2629" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.5.38", "versionStartIncluding": "0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6.39", "versionStartIncluding": "0.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.62", "versionStartIncluding": "0.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.8.15", "versionStartIncluding": "0.8.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-2629" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Chris Ries", "sources": [ { "db": "BID", "id": "36384" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ], "trust": 0.9 }, "cve": "CVE-2009-2629", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-2629", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-40075", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-2629", "trust": 1.8, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#180065", "trust": 0.8, "value": "4.22" }, { "author": "CNNVD", "id": "CNNVD-200909-302", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-40075", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#180065" }, { "db": "VULHUB", "id": "VHN-40075" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "NVD", "id": "CVE-2009-2629" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The \u0027nginx\u0027 program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 0.7.62 *\u003e= 0.5.38\n *\u003e= 0.6.39\n \u003e= 0.7.62\n\nDescription\n===========\n\nChris Ries reported a heap-based buffer underflow in the\nngx_http_parse_complex_uri() function in http/ngx_http_parse.c when\nparsing the request URI. NOTE: By default, nginx runs as the \"nginx\" user. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx 0.5.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38\n\nAll nginx 0.6.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39\n\nAll nginx 0.7.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62\n\nReferences\n==========\n\n [ 1 ] CVE-2009-2629\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200909-18.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1884-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nSeptember 14th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : nginx\nVulnerability : buffer underflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-2629\n\nChris Ries discovered that nginx, a high-performance HTTP server, reverse\nproxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when\nprocessing certain HTTP requests. \n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.4.13-2+etch2. \n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.6.32-3+lenny2. \n\nFor the testing distribution (squeeze), this problem will be fixed soon. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.7.61-3. \n\n\nWe recommend that you upgrade your nginx packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz\n Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz\n Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc\n Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb\n Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb\n Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb\n Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb\n Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb\n Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb\n Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb\n Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb\n Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb\n Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb\n Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb\n Size/MD5 checksum: 185032 15212749985501b223af7888447fc433\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc\n Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz\n Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz\n Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb\n Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb\n Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb\n Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb\n Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb\n Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb\n Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb\n Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb\n Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb\n Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb\n Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl\npZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH\n=Xrul\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2009-2629" }, { "db": "CERT/CC", "id": "VU#180065" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "BID", "id": "36384" }, { "db": "VULHUB", "id": "VHN-40075" }, { "db": "PACKETSTORM", "id": "81454" }, { "db": "PACKETSTORM", "id": "81284" } ], "trust": 2.88 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-40075", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-40075" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#180065", "trust": 3.6 }, { "db": "NVD", "id": "CVE-2009-2629", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2009-002152", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200909-302", "trust": 0.7 }, { "db": "BID", "id": "36384", "trust": 0.4 }, { "db": "PACKETSTORM", "id": "81454", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "81284", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-87569", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-69732", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "14830", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-40075", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#180065" }, { "db": "VULHUB", "id": "VHN-40075" }, { "db": "BID", "id": "36384" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "PACKETSTORM", "id": "81454" }, { "db": "PACKETSTORM", "id": "81284" }, { "db": "NVD", "id": "CVE-2009-2629" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "id": "VAR-200909-0576", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-40075" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:58:03.931000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://nginx.net/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002152" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-40075" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "NVD", "id": "CVE-2009-2629" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.kb.cert.org/vuls/id/180065" }, { "trust": 2.5, "url": "http://www.debian.org/security/2009/dsa-1884" }, { "trust": 2.0, "url": "http://nginx.net/changes-0.5" }, { "trust": 2.0, "url": "http://nginx.net/changes-0.6" }, { "trust": 2.0, "url": "http://nginx.net/changes-0.7" }, { "trust": 1.7, "url": "http://sysoev.ru/nginx/patch.180065.txt" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html" }, { "trust": 1.4, "url": "http://nginx.net/changes" }, { "trust": 0.9, "url": "http://security.gentoo.org/glsa/glsa-200909-18.xml" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2629" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu180065/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2629" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2629" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb" } ], "sources": [ { "db": "CERT/CC", "id": "VU#180065" }, { "db": "VULHUB", "id": "VHN-40075" }, { "db": "BID", "id": "36384" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "PACKETSTORM", "id": "81454" }, { "db": "PACKETSTORM", "id": "81284" }, { "db": "NVD", "id": "CVE-2009-2629" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#180065" }, { "db": "VULHUB", "id": "VHN-40075" }, { "db": "BID", "id": "36384" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "PACKETSTORM", "id": "81454" }, { "db": "PACKETSTORM", "id": "81284" }, { "db": "NVD", "id": "CVE-2009-2629" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-15T00:00:00", "db": "CERT/CC", "id": "VU#180065" }, { "date": "2009-09-15T00:00:00", "db": "VULHUB", "id": "VHN-40075" }, { "date": "2009-09-14T00:00:00", "db": "BID", "id": "36384" }, { "date": "2009-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "date": "2009-09-19T16:50:46", "db": "PACKETSTORM", "id": "81454" }, { "date": "2009-09-15T04:05:55", "db": "PACKETSTORM", "id": "81284" }, { "date": "2009-09-15T22:30:00.233000", "db": "NVD", "id": "CVE-2009-2629" }, { "date": "2009-09-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-21T00:00:00", "db": "CERT/CC", "id": "VU#180065" }, { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-40075" }, { "date": "2015-05-07T17:02:00", "db": "BID", "id": "36384" }, { "date": "2009-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "date": "2021-11-10T15:52:54.030000", "db": "NVD", "id": "CVE-2009-2629" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "81454" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#180065" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200909-302" } ], "trust": 0.6 } }
var-201307-0483
Vulnerability from variot
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. nginx is prone to a stack-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. The issue is fixed in nginx 1.4.1 and 1.5.0. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A denial of service vulnerability exists in the 'ngx_http_parse_chunked' function in http/ngx_http_parse.c in nginx versions 1.3.9 to 1.4.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-04
http://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: October 06, 2013 Bugs: #458726, #468870 ID: 201310-04
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Furthermore, a context-dependent attacker may be able to obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
References
[ 1 ] CVE-2013-0337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337 [ 2 ] CVE-2013-2028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028 [ 3 ] CVE-2013-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . From: Maxim Dounin mdounin at mdounin.ru Tue May 7 11:30:26 UTC 2013
Hello!
Greg MacManus, of iSIGHT Partners Labs, found a security problem in several recent versions of nginx.
Patch for the problem can be found here:
http://nginx.org/download/patch.2013.chunked.txt
As a temporary workaround the following configuration can be used in each server{} block:
if ($http_transfer_encoding ~* chunked) {
return 444;
}
-- Maxim Dounin http://nginx.org/en/donation.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0483", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "19" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.3.9" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.3.9 to 1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.4.0" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.4.4" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.3.9" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "1.5.7" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "1.4.1" } ], "sources": [ { "db": "BID", "id": "59699" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.4.0", "versionStartIncluding": "1.3.9", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-2028" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Greg MacManus of iSIGHT Partners Labs", "sources": [ { "db": "BID", "id": "59699" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ], "trust": 0.9 }, "cve": "CVE-2013-2028", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2013-2028", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-62030", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-2028", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201305-143", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-62030", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2013-2028", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. nginx is prone to a stack-based buffer-overflow vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \nThe issue is fixed in nginx 1.4.1 and 1.5.0. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A denial of service vulnerability exists in the \u0027ngx_http_parse_chunked\u0027 function in http/ngx_http_parse.c in nginx versions 1.3.9 to 1.4.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: October 06, 2013\n Bugs: #458726, #468870\n ID: 201310-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.4.1-r2 \u003e= 1.4.1-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could send a specially crafted request, possibly\nresulting in execution of arbitrary code with the privileges of the\nprocess, or a Denial of Service condition. Furthermore, a\ncontext-dependent attacker may be able to obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-0337\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337\n[ 2 ] CVE-2013-2028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028\n[ 3 ] CVE-2013-2070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. From: Maxim Dounin mdounin at mdounin.ru\nTue May 7 11:30:26 UTC 2013\n\nHello!\n\nGreg MacManus, of iSIGHT Partners Labs, found a security problem\nin several recent versions of nginx. \n\nPatch for the problem can be found here:\n\nhttp://nginx.org/download/patch.2013.chunked.txt\n\nAs a temporary workaround the following configuration\ncan be used in each server{} block:\n\n if ($http_transfer_encoding ~* chunked) {\n return 444;\n }\n\n\n-- \nMaxim Dounin\nhttp://nginx.org/en/donation.html\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "BID", "id": "59699" }, { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "121560" } ], "trust": 2.25 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=25499", "trust": 0.4, "type": "exploit" }, { "reference": "https://www.scap.org.cn/vuln/vhn-62030", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-2028", "trust": 3.1 }, { "db": "BID", "id": "59699", "trust": 2.1 }, { "db": "PACKETSTORM", "id": "121675", "trust": 1.8 }, { "db": "SECUNIA", "id": "55181", "trust": 1.8 }, { "db": "OSVDB", "id": "93037", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2013-003473", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201305-143", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "121560", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "25499", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "125758", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121712", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "122477", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "26737", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "25775", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "32277", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-85572", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-79430", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-79160", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-80363", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-62030", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2013-2028", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123516", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "BID", "id": "59699" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "121560" }, { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "id": "VAR-201307-0483", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-62030" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:22:29.143000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "GLSA 201310-04", "trust": 0.8, "url": "http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml" }, { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/ja/" }, { "title": "CVE-2013-2028", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" }, { "title": "nginx \u0027ngx_http_parse.c\u0027 Repair measures for stack buffer error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=134168" }, { "title": "nginxpwn", "trust": 0.1, "url": "https://github.com/kitctf/nginxpwn " }, { "title": "hack4career", "trust": 0.1, "url": "https://github.com/mertsarica/hack4career " }, { "title": "docker-cve-2013-2028", "trust": 0.1, "url": "https://github.com/mambroziak/docker-cve-2013-2028 " }, { "title": "nginx-1.4.0", "trust": 0.1, "url": "https://github.com/danghvu/nginx-1.4.0 " }, { "title": "zeus-software-security", "trust": 0.1, "url": "https://github.com/alexgeunholee/zeus-software-security " }, { "title": "nginxhack", "trust": 0.1, "url": "https://github.com/jptr218/nginxhack " }, { "title": "non-controlflow-hijacking-datasets", "trust": 0.1, "url": "https://github.com/camel-clarkson/non-controlflow-hijacking-datasets " }, { "title": "exploit-development-case-studies", "trust": 0.1, "url": "https://github.com/dyjakan/exploit-development-case-studies " }, { "title": "LinuxFlaw", "trust": 0.1, "url": "https://github.com/mudongliang/linuxflaw " } ], "sources": [ { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-189", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "NVD", "id": "CVE-2013-2028" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://www.securityfocus.com/bid/59699" }, { "trust": 1.9, "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { "trust": 1.9, "url": "http://nginx.org/download/patch.2013.chunked.txt" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-may/105176.html" }, { "trust": 1.8, "url": "http://packetstormsecurity.com/files/121675/nginx-1.3.9-1.4.0-denial-of-service.html" }, { "trust": 1.8, "url": "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/" }, { "trust": 1.8, "url": "https://github.com/rapid7/metasploit-framework/pull/1834" }, { "trust": 1.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" }, { "trust": 1.8, "url": "http://www.osvdb.org/93037" }, { "trust": 1.8, "url": "http://secunia.com/advisories/55181" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2028" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2028" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://int3pids.blogspot.com.es/2013/07/nginx-reliable-explotation-through.html" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2013/q2/290" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2028" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/kitctf/nginxpwn" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/25499/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0337" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0337" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2028" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2070" }, { "trust": 0.1, "url": "http://nginx.org/en/donation.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "BID", "id": "59699" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "121560" }, { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "BID", "id": "59699" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "121560" }, { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-07-20T00:00:00", "db": "VULHUB", "id": "VHN-62030" }, { "date": "2013-07-20T00:00:00", "db": "VULMON", "id": "CVE-2013-2028" }, { "date": "2013-05-07T00:00:00", "db": "BID", "id": "59699" }, { "date": "2013-07-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "date": "2013-10-07T22:29:42", "db": "PACKETSTORM", "id": "123516" }, { "date": "2013-05-08T02:43:02", "db": "PACKETSTORM", "id": "121560" }, { "date": "2013-07-20T03:37:20.730000", "db": "NVD", "id": "CVE-2013-2028" }, { "date": "2013-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-62030" }, { "date": "2021-11-10T00:00:00", "db": "VULMON", "id": "CVE-2013-2028" }, { "date": "2015-04-13T21:40:00", "db": "BID", "id": "59699" }, { "date": "2013-11-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "date": "2021-11-10T15:59:33.553000", "db": "NVD", "id": "CVE-2013-2028" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201305-143" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of http/ngx_http_parse.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003473" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201305-143" } ], "trust": 0.6 } }
var-201012-0193
Vulnerability from variot
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a security weakness that may allow attackers to downgrade the ciphersuite. Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information or gain unauthorized access to an affected application that uses OpenSSL. Releases prior to OpenSSL 1.0.0c are affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02824483 Version: 1
HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-05-05 Last Updated: 2011-05-05
Potential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses.
References: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS v 1.4 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these vulnerabilities.
HP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
HISTORY Version:1 (rev.1) - 5 May 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2011-0013 Synopsis: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-10-27 Updated on: 2011-10-27 (initial release of advisory) CVE numbers: --- openssl --- CVE-2008-7270 CVE-2010-4180 --- libuser --- CVE-2011-0002 --- nss, nspr --- CVE-2010-3170 CVE-2010-3173 --- Oracle (Sun) JRE 1.6.0 --- CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467 CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475 CVE-2010-4476 --- Oracle (Sun) JRE 1.5.0 --- CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468 CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476 CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867 CVE-2011-0865 --- SFCB --- CVE-2010-2054
- Summary
Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.
- Relevant releases
vCenter Server 4.1 without Update 2
vCenter Update Manager 4.1 without Update 2
ESXi 4.1 without patch ESX410-201110201-SG.
ESX 4.1 without patches ESX410-201110201-SG, ESX410-201110204-SG, ESX410-201110206-SG,ESX410-201110214-SG.
- Problem Description
a. ESX third party update for Service Console openssl RPM
The Service Console openssl RPM is updated to
openssl-0.9.8e.12.el5_5.7 resolving two security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-7270 and CVE-2010-4180 to these
issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi any any not affected
ESX 4.1 ESX ESX410-201110204-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console libuser RPM
The Service Console libuser RPM is updated to version
0.54.7-2.1.el5_5.2 to resolve a security issue.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2011-0002 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201110206-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
c. ESX third party update for Service Console nss and nspr RPMs
The Service Console Network Security Services (NSS) and Netscape
Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1
and nss-3.12.8-4 resolving multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3170 and CVE-2010-3173 to these
issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201110214-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24
Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,
CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,
CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,
CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,
CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,
CVE-2010-4475 and CVE-2010-4476.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,
CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,
CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,
CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,
CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,
CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,
CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and
CVE-2010-3574.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 5.0 Windows not affected
vCenter 4.1 Windows Update 2
vCenter 4.0 Windows not applicable **
VirtualCenter 2.5 Windows not applicable **
Update Manager 5.0 Windows not affected
Update Manager 4.1 Windows not applicable **
Update Manager 4.0 Windows not applicable **
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX not applicable **
ESX 3.5 ESX not applicable **
ESX 3.0.3 ESX not applicable **
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family
e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30
Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,
CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,
CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,
CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,
CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,
CVE-2010-4475, CVE-2010-4476.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 5.0 Windows not applicable **
vCenter 4.1 Windows not applicable **
vCenter 4.0 Windows patch pending
VirtualCenter 2.5 Windows patch pending
Update Manager 5.0 Windows not applicable **
Update Manager 4.1 Windows Update 2
Update Manager 4.0 Windows patch pending
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX not applicable **
ESX 4.0 ESX patch pending
ESX 3.5 ESX patch pending
ESX 3.0.3 ESX affected, no patch planned
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family
f. Integer overflow in VMware third party component sfcb
This release resolves an integer overflow issue present in the
third party library SFCB when the httpMaxContentLength has been
changed from its default value to 0 in in /etc/sfcb/sfcb.cfg.
The integer overflow could allow remote attackers to cause a
denial of service (heap memory corruption) or possibly execute
arbitrary code via a large integer in the Content-Length HTTP
header.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-2054 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi 5.0 ESXi not affected
ESXi 4.1 ESXi ESXi410-201110201-SG
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
-
hosted products are VMware Workstation, Player, ACE, Fusion.
-
Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware vCenter Server 4.1
vCenter Server 4.1 Update 2 The download for vCenter Server includes VMware Update Manager.
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html https://www.vmware.com/support/pubs/vum_pubs.html
File: VMware-VIMSetup-all-4.1.0-493063.iso md5sum: d132326846a85bfc9ebbc53defeee6e1 sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541
File: VMware-VIMSetup-all-4.1.0-493063.zip md5sum: 7fd7b09e501bd8fde52649b395491222 sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1
File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESXi 4.1
VMware ESXi 4.1 Update 2
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html
File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso md5sum: 0aa78790a336c5fc6ba3d9807c98bfea sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce
File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip md5sum: 459d9142a885854ef0fa6edd8d6a5677 sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33
File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip md5sum: 3047fac78a4aaa05cf9528d62fad9d73 sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f
File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG.
VMware ESX 4.1
VMware ESX 4.1 Update 2 Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
File: ESX-4.1.0-update02-502767.iso md5sum: 9a2b524446cbd756f0f1c7d8d88077f8 sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c
File: pre-upgrade-from-esx4.0-to-4.1-502767.zip md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4
File: upgrade-from-esx4.0-to-4.1-update02-502767.zip md5sum: 4b60f36ee89db8cb7e1243aa02cdb549 sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f
File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESX 4.1 Update 2 contains ESX410-201110204-SG, ESX410-201110206-SG, ESX410-201110201-SG and ESX410-201110214-SG.
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873
- Change log
2011-10-27 VMSA-2011-0013 Initial security advisory in conjunction with the release of Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6qRrIACgkQDEcm8Vbi9kPemwCeM4Q4S8aRp8X/8/LQ8NGVdU8l lJkAmweROyq5t0iWwM0EN2iP9ly6trbc =Dm8O -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01
http://security.gentoo.org/
Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01
Synopsis
Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.0e >= 1.0.0e
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Impact
A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.
References
[ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2141-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch January 06, 2011 http://www.debian.org/security/faq
Package : openssl Vulnerability : SSL/TLS insecure renegotiation protocol design flaw Problem type : remote Debian-specific: no CVE ID : CVE-2009-3555 CVE-2010-4180 Debian Bug : 555829
CVE-2009-3555:
Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue.
If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation.
This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable.
Currently we are not aware of other software with similar compatibility problems.
CVE-2010-4180:
In addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite.
For the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny11.
For the unstable distribution (sid), and the testing distribution (squeeze), this problem has been fixed in version 0.9.8o-4.
We recommend that you upgrade your openssl package. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections.
The OpenSSL security team would like to thank Martin Rex for reporting this issue.
This vulnerability is tracked as CVE-2010-4180
OpenSSL JPAKE validation error
Sebastian Martini found an error in OpenSSL's J-PAKE implementation which could lead to successful validation by someone with no knowledge of the shared secret. This error is fixed in 1.0.0c. Details of the problem can be found here:
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
Note that the OpenSSL Team still consider our implementation of J-PAKE to be experimental and is not compiled by default.
Any OpenSSL based SSL/TLS server is vulnerable if it uses OpenSSL's internal caching mechanisms and the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG flag (many applications enable this by using the SSL_OP_ALL option).
All users of OpenSSL's experimental J-PAKE implementation are vulnerable to the J-PAKE validation error.
Alternatively do not set the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG and/or SSL_OP_ALL flags.
Users of OpenSSL 1.0.0 releases should update to the OpenSSL 1.0.0c release which contains a patch to correct this issue and also contains a corrected version of the CVE-2010-3864 vulnerability fix.
If upgrading is not immediately possible, the relevant source code patch provided in this advisory should be applied.
Any user of OpenSSL's J-PAKE implementaion (which is not compiled in by default) should upgrade to OpenSSL 1.0.0c.
Patch
Index: ssl/s3_clnt.c
RCS file: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v retrieving revision 1.129.2.16 diff -u -r1.129.2.16 s3_clnt.c --- ssl/s3_clnt.c 10 Oct 2010 12:33:10 -0000 1.129.2.16 +++ ssl/s3_clnt.c 24 Nov 2010 14:32:37 -0000 @@ -866,8 +866,11 @@ s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { +/ Workaround is now obsolete / +#if 0 if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) +#endif { al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); Index: ssl/s3_srvr.c =================================================================== RCS file: /v/openssl/cvs/openssl/ssl/s3_srvr.c,v retrieving revision 1.171.2.22 diff -u -r1.171.2.22 s3_srvr.c --- ssl/s3_srvr.c 14 Nov 2010 13:50:29 -0000 1.171.2.22 +++ ssl/s3_srvr.c 24 Nov 2010 14:34:28 -0000 @@ -985,6 +985,10 @@ break; } } +/ Disabled because it can be used in a ciphersuite downgrade + * attack: CVE-2010-4180. + / +#if 0 if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) { / Special case as client bug workaround: the previously used cipher may @@ -999,6 +1003,7 @@ j = 1; } } +#endif if (j == 0) { / we need to have the cipher in the cipher
References
URL for this Security Advisory: http://www.openssl.org/news/secadv_20101202.txt
URL for updated CVS-2010-3864 Security Advisory: http://www.openssl.org/news/secadv_20101116-2.txt
. HP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. HP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier.
The latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport
HP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent.
HP Integrated Lights-Out 3 (iLO3) Online ROM Flash Component for Linux and Windows v1.20 or subsequent
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201012-0193", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "lt", "trust": 1.8, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "lt", "trust": 1.8, "vendor": "openssl", "version": "1.0.0c" }, { "model": "linux", "scope": "eq", "trust": 1.3, "vendor": "debian", "version": "5.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.3, "vendor": "suse", "version": "9" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "linux enterprise", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.9.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "9.04" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "13" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.1" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.4" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "14" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "8.04" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "6.06" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efi", "version": null }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.0.3" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.7" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.7" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "cacheflow", "scope": "lt", "trust": 0.8, "vendor": "blue coat", "version": "2.1.4.7" }, { "model": "director", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "packetshaper", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "policycenter", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "proxyav", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "reporter", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "proxyone", "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": "proxysg", "scope": "lt", "trust": 0.8, "vendor": "blue coat", "version": "6.1.2.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.3.3" }, { "model": "linux enterprise sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.4.3" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "integrated lights out", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "21.16" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0.4" }, { "model": "hat jboss enterprise web server for rhel as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "41.0" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.2" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "hat jboss enterprise web server for rhel", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "61.0" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "syslog-ng premium edition", "scope": "eq", "trust": 0.3, "vendor": "balabit", "version": "3.0.6" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "syslog-ng premium edition 3.2.1a", "scope": null, "trust": 0.3, "vendor": "balabit", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7" }, { "model": "project openssl b-36.8", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.2.6.1" }, { "model": "hat enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.2.6" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "coat systems cacheflow", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "2.1.47" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "coat systems policy center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.6" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.11" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "syslog-ng premium edition", "scope": "eq", "trust": 0.3, "vendor": "balabit", "version": "3.2" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.4.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.2.5" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "integrated lights out", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "32.05" }, { "model": "edirectory sp6 patch", "scope": "ne", "trust": 0.3, "vendor": "novell", "version": "8.83" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "project openssl 1.0.0c", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "hat jboss enterprise web server for rhel", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "61.0.2" }, { "model": "hat enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "edirectory sp1", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.4.8" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.4.2" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "edirectory sp3", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.3" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "coat systems proxyone", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.2" }, { "model": "hat enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.32" }, { "model": "intuity audix lx sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5300-06" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.31" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "edirectory sp4", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5200-10" }, { "model": "syslog-ng premium edition 3.2.1b", "scope": "ne", "trust": 0.3, "vendor": "balabit", "version": null }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.1" }, { "model": "coat systems packetshaper", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "8.7.1" }, { "model": "hat jboss enterprise web server for rhel server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "51.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "linux enterprise sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.6" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "appliance platform linux service", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "syslog-ng premium edition 3.0.7a", "scope": "ne", "trust": 0.3, "vendor": "balabit", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "hat jboss enterprise web server for solaris", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "1.0.2" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "coat systems policy center", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "8.7.1" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.2.6.1" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "hat jboss enterprise web server for rhel es", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "41.0.2" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "hat jboss enterprise web server for windows", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "1.0.2" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "coat systems director", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.2.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12" }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "hat enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "syslog-ng premium edition 4.0.1a", "scope": "ne", "trust": 0.3, "vendor": "balabit", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.2.8.7" }, { "model": "coat systems policy center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.7" }, { "model": "appliance platform linux service", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "2" }, { "model": "hat jboss enterprise web server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5.0" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "5.2.2.4" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "edirectory sp2", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.4.2.3" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "syslog-ng premium edition", "scope": "eq", "trust": 0.3, "vendor": "balabit", "version": "4.0.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "hat jboss enterprise web server for rhel as", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "41.0.2" }, { "model": "coat systems packetshaper", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.3.2" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux enterprise teradata sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "syslog-ng premium edition", "scope": "eq", "trust": 0.3, "vendor": "balabit", "version": "3.0.7" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "hat enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat jboss enterprise web server for rhel server", "scope": "ne", "trust": 0.3, "vendor": "red", "version": "51.0.2" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "hat jboss enterprise web server for windows", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "1.0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.0" }, { "model": "coat systems proxysg", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "6.1.21" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.2.1.6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "syslog-ng premium edition", "scope": "eq", "trust": 0.3, "vendor": "balabit", "version": "3.0.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "coat systems proxyav", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.2.6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "hat jboss enterprise web server for rhel es", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "41.0" }, { "model": "edirectory", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "hat enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "11.0" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "intuity audix lx sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "coat systems cacheflow", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.1.46" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "coat systems proxysg", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.2.10" }, { "model": "edirectory sp5 patch", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.84" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "insight control", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "edirectory sp4 ftf1", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "edirectory sp5 ftf1", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "hat jboss enterprise web server for solaris", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "1.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "edirectory sp3 ftf3", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.21" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "coat systems packetshaper", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.4" }, { "model": "jboss enterprise web server el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "edirectory sp5", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.8" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "45164" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.0c", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.8q", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-4180" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Martin Rex", "sources": [ { "db": "BID", "id": "45164" } ], "trust": 0.3 }, "cve": "CVE-2010-4180", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2010-4180", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-4180", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2010-4180", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a security weakness that may allow attackers to downgrade the ciphersuite. \nSuccessfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information or gain unauthorized access to an affected application that uses OpenSSL. \nReleases prior to OpenSSL 1.0.0c are affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824483\nVersion: 1\n\nHPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. \n\nReferences: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS v 1.4 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nHP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers:\nhttp://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2011-0013\nSynopsis: VMware third party component updates for VMware vCenter\n Server, vCenter Update Manager, ESXi and ESX\nIssue date: 2011-10-27\nUpdated on: 2011-10-27 (initial release of advisory)\nCVE numbers: --- openssl ---\n CVE-2008-7270 CVE-2010-4180\n --- libuser ---\n CVE-2011-0002\n --- nss, nspr ---\n CVE-2010-3170 CVE-2010-3173\n --- Oracle (Sun) JRE 1.6.0 ---\n CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549\n CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553\n CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557\n CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561\n CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566\n CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570\n CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574\n CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450\n CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462\n CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467\n CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471\n CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475\n CVE-2010-4476\n --- Oracle (Sun) JRE 1.5.0 ---\n CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454\n CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468\n CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476\n CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864\n CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867\n CVE-2011-0865\n --- SFCB ---\n CVE-2010-2054\n- ------------------------------------------------------------------------\n\n1. Summary\n\n Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere\n Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues. \n\n2. Relevant releases\n\n vCenter Server 4.1 without Update 2\n\n vCenter Update Manager 4.1 without Update 2\n\n ESXi 4.1 without patch ESX410-201110201-SG. \n\n ESX 4.1 without patches ESX410-201110201-SG,\n ESX410-201110204-SG, ESX410-201110206-SG,ESX410-201110214-SG. \n\n3. Problem Description\n\n a. ESX third party update for Service Console openssl RPM\n\n The Service Console openssl RPM is updated to\n openssl-0.9.8e.12.el5_5.7 resolving two security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-7270 and CVE-2010-4180 to these\n issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi any any not affected\n\n ESX 4.1 ESX ESX410-201110204-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n b. ESX third party update for Service Console libuser RPM\n\n The Service Console libuser RPM is updated to version\n 0.54.7-2.1.el5_5.2 to resolve a security issue. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2011-0002 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201110206-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n c. ESX third party update for Service Console nss and nspr RPMs\n\n The Service Console Network Security Services (NSS) and Netscape\n Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1\n and nss-3.12.8-4 resolving multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-3170 and CVE-2010-3173 to these\n issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201110214-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24\n\n Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,\n CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,\n CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,\n CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,\n CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,\n CVE-2010-4475 and CVE-2010-4476. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,\n CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,\n CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,\n CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,\n CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\n CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,\n CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and\n CVE-2010-3574. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 5.0 Windows not affected\n vCenter 4.1 Windows Update 2\n vCenter 4.0 Windows not applicable **\n VirtualCenter 2.5 Windows not applicable **\n\n Update Manager 5.0 Windows not affected\n Update Manager 4.1 Windows not applicable **\n Update Manager 4.0 Windows not applicable **\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201110201-SG\n ESX 4.0 ESX not applicable **\n ESX 3.5 ESX not applicable **\n ESX 3.0.3 ESX not applicable **\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.5.0 family\n\n e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30\n\n Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,\n CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,\n CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,\n CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,\n CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,\n CVE-2010-4475, CVE-2010-4476. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 5.0 Windows not applicable **\n vCenter 4.1 Windows not applicable **\n vCenter 4.0 Windows patch pending\n VirtualCenter 2.5 Windows patch pending\n\n Update Manager 5.0 Windows not applicable **\n Update Manager 4.1 Windows Update 2\n Update Manager 4.0 Windows patch pending\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX not applicable **\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX patch pending\n ESX 3.0.3 ESX affected, no patch planned\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.6.0 family\n\n f. Integer overflow in VMware third party component sfcb\n\n This release resolves an integer overflow issue present in the\n third party library SFCB when the httpMaxContentLength has been\n changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. \n The integer overflow could allow remote attackers to cause a\n denial of service (heap memory corruption) or possibly execute\n arbitrary code via a large integer in the Content-Length HTTP\n header. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-2054 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi 5.0 ESXi not affected\n ESXi 4.1 ESXi ESXi410-201110201-SG\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.1 ESX ESX410-201110201-SG\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n4. Solution\n Please review the patch/release notes for your product and version\n and verify the checksum of your downloaded file. \n\n VMware vCenter Server 4.1\n ----------------------------------------------\n vCenter Server 4.1 Update 2\n The download for vCenter Server includes VMware Update Manager. \n\n Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n Release Notes:\n\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n https://www.vmware.com/support/pubs/vum_pubs.html\n\n File: VMware-VIMSetup-all-4.1.0-493063.iso\n md5sum: d132326846a85bfc9ebbc53defeee6e1\n sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541\n\n File: VMware-VIMSetup-all-4.1.0-493063.zip\n md5sum: 7fd7b09e501bd8fde52649b395491222\n sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1\n\n File: VMware-viclient-all-4.1.0-491557.exe\n md5sum: dafd31619ae66da65115ac3900697e3a\n sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n VMware ESXi 4.1\n ---------------\n VMware ESXi 4.1 Update 2\n\n Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n Release Notes:\n\nhttps://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html\n\n File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso\n md5sum: 0aa78790a336c5fc6ba3d9807c98bfea\n sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce\n\n File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip\n md5sum: 459d9142a885854ef0fa6edd8d6a5677\n sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33\n\n File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip\n md5sum: 3047fac78a4aaa05cf9528d62fad9d73\n sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f\n\n File: VMware-tools-linux-8.3.12-493255.iso\n md5sum: 63028f2bf605d26798ac24525a0e6208\n sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932\n\n File: VMware-viclient-all-4.1.0-491557.exe\n md5sum: dafd31619ae66da65115ac3900697e3a\n sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG. \n\n VMware ESX 4.1\n --------------\n VMware ESX 4.1 Update 2\n Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n Release Notes:\n\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n\n File: ESX-4.1.0-update02-502767.iso\n md5sum: 9a2b524446cbd756f0f1c7d8d88077f8\n sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c\n\n File: pre-upgrade-from-esx4.0-to-4.1-502767.zip\n md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf\n sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4\n\n File: upgrade-from-esx4.0-to-4.1-update02-502767.zip\n md5sum: 4b60f36ee89db8cb7e1243aa02cdb549\n sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f\n\n File: VMware-tools-linux-8.3.12-493255.iso\n md5sum: 63028f2bf605d26798ac24525a0e6208\n sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932\n\n File: VMware-viclient-all-4.1.0-491557.exe\n md5sum: dafd31619ae66da65115ac3900697e3a\n sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n VMware ESX 4.1 Update 2 contains ESX410-201110204-SG,\n ESX410-201110206-SG, ESX410-201110201-SG and\n ESX410-201110214-SG. \n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873\n\n- ------------------------------------------------------------------------\n6. Change log\n\n 2011-10-27 VMSA-2011-0013\n Initial security advisory in conjunction with the release of\n Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1,\n vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware security response policy\n http://www.vmware.com/support/policies/security_response.html\n\n General support life cycle policy\n http://www.vmware.com/support/policies/eos.html\n\n VMware Infrastructure support life cycle policy\n http://www.vmware.com/support/policies/eos_vi.html\n\n Copyright 2011 VMware Inc. All rights reserved. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAk6qRrIACgkQDEcm8Vbi9kPemwCeM4Q4S8aRp8X/8/LQ8NGVdU8l\nlJkAmweROyq5t0iWwM0EN2iP9ly6trbc\n=Dm8O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201110-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: OpenSSL: Multiple vulnerabilities\n Date: October 09, 2011\n Bugs: #303739, #308011, #322575, #332027, #345767, #347623,\n #354139, #382069\n ID: 201110-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in OpenSSL, allowing for the\nexecution of arbitrary code and other attacks. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.0e \u003e= 1.0.0e\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker could cause a Denial of Service, possibly\nexecute arbitrary code, bypass intended key requirements, force the\ndowngrade to unintended ciphers, bypass the need for knowledge of\nshared secrets and successfully authenticate, bypass CRL validation, or\nobtain sensitive information in applications that use OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0e\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 17, 2011. It is likely that your system is\nalready no longer affected by most of these issues. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-3245\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245\n[ 2 ] CVE-2009-4355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355\n[ 3 ] CVE-2010-0433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433\n[ 4 ] CVE-2010-0740\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740\n[ 5 ] CVE-2010-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742\n[ 6 ] CVE-2010-1633\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633\n[ 7 ] CVE-2010-2939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939\n[ 8 ] CVE-2010-3864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864\n[ 9 ] CVE-2010-4180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180\n[ 10 ] CVE-2010-4252\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252\n[ 11 ] CVE-2011-0014\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014\n[ 12 ] CVE-2011-3207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207\n[ 13 ] CVE-2011-3210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2141-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJanuary 06, 2011 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : SSL/TLS insecure renegotiation protocol design flaw\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-3555 CVE-2010-4180\nDebian Bug : 555829\n\nCVE-2009-3555:\n\nMarsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS\nand SSLv3 protocols. If an attacker could perform a man in the middle\nattack at the start of a TLS connection, the attacker could inject\narbitrary content at the beginning of the user\u0027s session. This update\nadds backported support for the new RFC5746 renegotiation extension\nwhich fixes this issue. \n\nIf openssl is used in a server application, it will by default no\nlonger accept renegotiation from clients that do not support the\nRFC5746 secure renegotiation extension. A separate advisory will add\nRFC5746 support for nss, the security library used by the iceweasel\nweb browser. For apache2, there will be an update which allows to\nre-enable insecure renegotiation. \n\nThis version of openssl is not compatible with older versions of tor. \nYou have to use at least tor version 0.2.1.26-1~lenny+1, which has\nbeen included in the point release 5.0.7 of Debian stable. \n\nCurrently we are not aware of other software with similar compatibility\nproblems. \n\n\nCVE-2010-4180:\n \nIn addition, this update fixes a flaw that allowed a client to bypass\nrestrictions configured in the server for the used cipher suite. \n\n\nFor the stable distribution (lenny), this problem has been fixed\nin version 0.9.8g-15+lenny11. \n\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), this problem has been fixed in version 0.9.8o-4. \n\nWe recommend that you upgrade your openssl package. In some cases the ciphersuite can be downgraded to a weaker one\non subsequent connections. \n\nThe OpenSSL security team would like to thank Martin Rex for reporting this\nissue. \n\nThis vulnerability is tracked as CVE-2010-4180\n\nOpenSSL JPAKE validation error\n===============================\n\nSebastian Martini found an error in OpenSSL\u0027s J-PAKE implementation\nwhich could lead to successful validation by someone with no knowledge\nof the shared secret. This error is fixed in 1.0.0c. Details of the\nproblem can be found here:\n\nhttp://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf\n\nNote that the OpenSSL Team still consider our implementation of J-PAKE\nto be experimental and is not compiled by default. \n\nAny OpenSSL based SSL/TLS server is vulnerable if it uses\nOpenSSL\u0027s internal caching mechanisms and the\nSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG flag (many applications enable this\nby using the SSL_OP_ALL option). \n\nAll users of OpenSSL\u0027s experimental J-PAKE implementation are vulnerable\nto the J-PAKE validation error. \n\nAlternatively do not set the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\nand/or SSL_OP_ALL flags. \n\nUsers of OpenSSL 1.0.0 releases should update to the OpenSSL 1.0.0c release\nwhich contains a patch to correct this issue and also contains a corrected\nversion of the CVE-2010-3864 vulnerability fix. \n\nIf upgrading is not immediately possible, the relevant source code patch\nprovided in this advisory should be applied. \n\nAny user of OpenSSL\u0027s J-PAKE implementaion (which is not compiled in by \ndefault) should upgrade to OpenSSL 1.0.0c. \n\nPatch\n=====\n\nIndex: ssl/s3_clnt.c\n===================================================================\nRCS file: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v\nretrieving revision 1.129.2.16\ndiff -u -r1.129.2.16 s3_clnt.c\n--- ssl/s3_clnt.c\t10 Oct 2010 12:33:10 -0000\t1.129.2.16\n+++ ssl/s3_clnt.c\t24 Nov 2010 14:32:37 -0000\n@@ -866,8 +866,11 @@\n \t\ts-\u003esession-\u003ecipher_id = s-\u003esession-\u003ecipher-\u003eid;\n \tif (s-\u003ehit \u0026\u0026 (s-\u003esession-\u003ecipher_id != c-\u003eid))\n \t\t{\n+/* Workaround is now obsolete */\n+#if 0\n \t\tif (!(s-\u003eoptions \u0026\n \t\t\tSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))\n+#endif\n \t\t\t{\n \t\t\tal=SSL_AD_ILLEGAL_PARAMETER;\n \t\t\tSSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);\nIndex: ssl/s3_srvr.c\n===================================================================\nRCS file: /v/openssl/cvs/openssl/ssl/s3_srvr.c,v\nretrieving revision 1.171.2.22\ndiff -u -r1.171.2.22 s3_srvr.c\n--- ssl/s3_srvr.c\t14 Nov 2010 13:50:29 -0000\t1.171.2.22\n+++ ssl/s3_srvr.c\t24 Nov 2010 14:34:28 -0000\n@@ -985,6 +985,10 @@\n \t\t\t\tbreak;\n \t\t\t\t}\n \t\t\t}\n+/* Disabled because it can be used in a ciphersuite downgrade\n+ * attack: CVE-2010-4180. \n+ */\n+#if 0\n \t\tif (j == 0 \u0026\u0026 (s-\u003eoptions \u0026 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) \u0026\u0026 (sk_SSL_CIPHER_num(ciphers) == 1))\n \t\t\t{\n \t\t\t/* Special case as client bug workaround: the previously used cipher may\n@@ -999,6 +1003,7 @@\n \t\t\t\tj = 1;\n \t\t\t\t}\n \t\t\t}\n+#endif\n \t\tif (j == 0)\n \t\t\t{\n \t\t\t/* we need to have the cipher in the cipher\n\n\n\nReferences\n===========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20101202.txt\n\nURL for updated CVS-2010-3864 Security Advisory:\nhttp://www.openssl.org/news/secadv_20101116-2.txt\n\n\n. \nHP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. \nHP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier. \n\nThe latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport\n\nHP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent. \n\nHP Integrated Lights-Out 3 (iLO3) Online ROM Flash Component for Linux and Windows v1.20 or subsequent", "sources": [ { "db": "NVD", "id": "CVE-2010-4180" }, { "db": "CERT/CC", "id": "VU#737740" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "BID", "id": "45164" }, { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "97287" }, { "db": "PACKETSTORM", "id": "96498" }, { "db": "PACKETSTORM", "id": "106754" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-4180", "trust": 2.9 }, { "db": "CERT/CC", "id": "VU#737740", "trust": 2.2 }, { "db": "BID", "id": "45164", "trust": 2.2 }, { "db": "SECUNIA", "id": "42473", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2010-3120", "trust": 1.9 }, { "db": "SECTRACK", "id": "1024822", "trust": 1.9 }, { "db": "OSVDB", "id": "69565", "trust": 1.9 }, { "db": "SECUNIA", "id": "43169", "trust": 1.1 }, { "db": "SECUNIA", "id": "42811", "trust": 1.1 }, { "db": "SECUNIA", "id": "42469", "trust": 1.1 }, { "db": "SECUNIA", "id": "43172", "trust": 1.1 }, { "db": "SECUNIA", "id": "42571", "trust": 1.1 }, { "db": "SECUNIA", "id": "42493", "trust": 1.1 }, { "db": "SECUNIA", "id": "43173", "trust": 1.1 }, { "db": "SECUNIA", "id": "44269", "trust": 1.1 }, { "db": "SECUNIA", "id": "43170", "trust": 1.1 }, { "db": "SECUNIA", "id": "42620", "trust": 1.1 }, { "db": "SECUNIA", "id": "42877", "trust": 1.1 }, { "db": "SECUNIA", "id": "43171", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0076", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-3188", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0268", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-3122", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0032", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-3134", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU91284469", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2010-002548", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2010-4180", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116124", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101256", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106330", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105638", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97287", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "96498", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106754", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "BID", "id": "45164" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "97287" }, { "db": "PACKETSTORM", "id": "96498" }, { "db": "PACKETSTORM", "id": "106754" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "id": "VAR-201012-0193", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41666666 }, "last_update_date": "2024-07-23T19:37:04.941000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT4723", "trust": 0.8, "url": "http://support.apple.com/kb/ht4723" }, { "title": "openssl-0.9.8e-12.AXS3.7", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1324" }, { "title": "HPSBUX02638", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c02737002" }, { "title": "2168", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2168" }, { "title": "20131", "trust": 0.8, "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "title": "secadv_20101202", "trust": 0.8, "url": "http://openssl.org/news/secadv_20101202.txt" }, { "title": "RHSA-2010:0977", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0977.html" }, { "title": "RHSA-2010:0978", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0978.html" }, { "title": "RHSA-2010:0979", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0979.html" }, { "title": "SA53", "trust": 0.8, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa53" }, { "title": "cve_2010_4180_affects_openssl", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2010_4180_affects_openssl" }, { "title": "Multiple OpenSSL vulnerabilities in Sun SPARC Enterprise M-series XCP Firmware", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun" }, { "title": "TLSA-2013-3", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2013/tlsa-2013-3j.html" }, { "title": "VMSA-2011-0013", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/vmsa-2011-0013.html" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1029-1" }, { "title": "Debian Security Advisories: DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1c00cc4c6dbe7bb057db61e10ff97d6d" }, { "title": "Symantec Security Advisories: SA53 : OpenSSL Ciphersuite Downgrade Attack (CVE-2010-4180)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=92a9a237511ca120aa4255feb5bdf611" }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " }, { "title": "", "trust": 0.1, "url": "https://github.com/khulnasoft-labs/awesome-security " } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-DesignError", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "trust": 1.9, "url": "http://secunia.com/advisories/42473" }, { "trust": 1.9, "url": "http://osvdb.org/69565" }, { "trust": 1.9, "url": "http://www.securitytracker.com/id?1024822" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/45164" }, { "trust": 1.5, "url": "http://www.kb.cert.org/vuls/id/737740" }, { "trust": 1.1, "url": "http://w3.efi.com/fiery" }, { "trust": 1.1, "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "trust": 1.1, "url": "http://openssl.org/news/secadv_20101202.txt" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "trust": 1.1, "url": "http://ubuntu.com/usn/usn-1029-1" }, { "trust": 1.1, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3134" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42493" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:248" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42469" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3188" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052027.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0979.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42620" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42571" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052315.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2011/dsa-2141" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42811" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0977.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0978.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42877" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0268" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43171" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43172" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43169" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43173" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43170" }, { "trust": 1.1, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa53\u0026actp=list" }, { "trust": 1.1, "url": "http://secunia.com/advisories/44269" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht4723" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0896.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/522176" }, { "trust": 1.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02794777" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18910" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4180" }, { "trust": 0.8, "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64" }, { "trust": 0.8, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu976710" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu91284469/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4180" }, { "trust": 0.6, "url": "http://support.avaya.com/css/p8/documents/100124969" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180" }, { "trust": 0.3, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000107.html" }, { "trust": 0.3, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000111.html" }, { "trust": 0.3, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000108.html" }, { "trust": 0.3, "url": "http://blogs.sun.com/security/entry/cve_2010_4180_affects_openssl" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=3426981" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03263573" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www.openssl.org/news/secadv_20101202.txt\\" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2011-0013.html" }, { "trust": 0.3, "url": "/archive/1/516801" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100124972" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100131810" }, { "trust": 0.3, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa53" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03024266\u0026ac.admitted=1320706848406.876444892.492883150" }, { "trust": 0.3, "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02794777" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory2.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100124969" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4252" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-7270" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1029-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4410" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1020" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4325" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0830" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4110" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5029" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2496" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2761" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3188" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5064" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2699" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4609" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4324" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2484" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3864" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4473" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4472" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4474" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0862" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1321" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4451" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2054" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4465" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0864" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4469" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0802" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3563" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4452" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0873" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4450" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4471" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3560" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4463" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0815" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4447" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4476" }, { "trust": 0.1, "url": "http://enigmail.mozdev.org/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4467" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0865" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0867" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3558" }, { "trust": 0.1, "url": "http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0871" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4448" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7270" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3570" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0002" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4475" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4454" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4470" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4462" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3173" }, { "trust": 0.1, "url": "https://www.vmware.com/support/pubs/vum_pubs.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2054" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0814" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4468" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0742" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4355" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3207" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2939" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1633" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3210" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0740" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-01.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3245" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4252" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://www.openssl.org/news/secadv_20101202.txt" }, { "trust": 0.1, "url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf" }, { "trust": 0.1, "url": "http://www.openssl.org/news/secadv_20101116-2.txt" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "http://www.hp.com/go/bizsupport" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "BID", "id": "45164" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "97287" }, { "db": "PACKETSTORM", "id": "96498" }, { "db": "PACKETSTORM", "id": "106754" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2010-4180" }, { "db": "BID", "id": "45164" }, { "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "97287" }, { "db": "PACKETSTORM", "id": "96498" }, { "db": "PACKETSTORM", "id": "106754" }, { "db": "NVD", "id": "CVE-2010-4180" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-18T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2010-12-06T00:00:00", "db": "VULMON", "id": "CVE-2010-4180" }, { "date": "2010-12-02T00:00:00", "db": "BID", "id": "45164" }, { "date": "2010-12-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "date": "2012-09-01T00:00:25", "db": "PACKETSTORM", "id": "116124" }, { "date": "2011-05-10T00:44:30", "db": "PACKETSTORM", "id": "101256" }, { "date": "2011-10-28T14:46:28", "db": "PACKETSTORM", "id": "106330" }, { "date": "2011-10-09T16:42:00", "db": "PACKETSTORM", "id": "105638" }, { "date": "2011-01-06T16:22:22", "db": "PACKETSTORM", "id": "97287" }, { "date": "2010-12-03T12:12:12", "db": "PACKETSTORM", "id": "96498" }, { "date": "2011-11-09T00:58:11", "db": "PACKETSTORM", "id": "106754" }, { "date": "2010-12-06T21:05:48.687000", "db": "NVD", "id": "CVE-2010-4180" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-02T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2022-08-04T00:00:00", "db": "VULMON", "id": "CVE-2010-4180" }, { "date": "2015-04-13T21:15:00", "db": "BID", "id": "45164" }, { "date": "2012-12-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002548" }, { "date": "2022-08-04T19:59:42.243000", "db": "NVD", "id": "CVE-2010-4180" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "45164" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "sources": [ { "db": "CERT/CC", "id": "VU#737740" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "45164" } ], "trust": 0.3 } }
var-201811-0988
Vulnerability from variot
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. An attacker can exploit this vulnerability to consume a large amount of memory space.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages. ========================================================================== Ubuntu Security Notice USN-3812-1 November 07, 2018
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled the HTTP/2 implementation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)
Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844)
It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: nginx-common 1.15.5-0ubuntu2.1 nginx-core 1.15.5-0ubuntu2.1 nginx-extras 1.15.5-0ubuntu2.1 nginx-full 1.15.5-0ubuntu2.1 nginx-light 1.15.5-0ubuntu2.1
Ubuntu 18.04 LTS: nginx-common 1.14.0-0ubuntu1.2 nginx-core 1.14.0-0ubuntu1.2 nginx-extras 1.14.0-0ubuntu1.2 nginx-full 1.14.0-0ubuntu1.2 nginx-light 1.14.0-0ubuntu1.2
Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.3 nginx-core 1.10.3-0ubuntu0.16.04.3 nginx-extras 1.10.3-0ubuntu0.16.04.3 nginx-full 1.10.3-0ubuntu0.16.04.3 nginx-light 1.10.3-0ubuntu0.16.04.3
Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.9 nginx-core 1.4.6-1ubuntu3.9 nginx-extras 1.4.6-1ubuntu3.9 nginx-full 1.4.6-1ubuntu3.9 nginx-light 1.4.6-1ubuntu3.9
In general, a standard system update will make all the necessary changes.
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-nginx110-nginx security update Advisory ID: RHSA-2018:3653-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3653 Issue date: 2018-11-26 CVE Names: CVE-2018-16843 CVE-2018-16845 =====================================================================
- Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Red Hat would like to thank the Nginx project for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx110-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16843 https://access.redhat.com/security/cve/CVE-2018-16845 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW/vmotzjgjWX9erEAQgLFQ//c0AzsoAslgezACNt/7IQuf7IJy0o3ZJS RivGOSPey3gjDQDioSB5LYv5W89fmX5lQ8NsSmx/K+soAPpsz2OmwkFrJ3Mu9D/U DvE5WxP0TQcJOizA9k6huKhwtLYLmkMrnRmZUIJ/E6BiLVZbAP8/1CnoryK+JBum Ml1oFeOZUgwz2x0pvBPVPqGsRBFK3cE1SRxnSHgvwchMxYKSTwrHMARYFUavOrmZ VVRbL8xIiCPCEl7/OPKO3QD4M2vXhMHRwaquZJS/A6+Vls53qGAjJ9q3iLE+sEl5 Lb3B3AkbOtURmmoKOb8wdWlo9YRHckG+4mLXonNCIUteSZDWukns8gKti+AcSyOs gZ4e+IXDahfnP1+Lg9StFthKexpGGwp/ASBi0OZ8ZmyA6IVQzGyXW7nADlrdolKj 9q2zXQMPVFEtYu7tvDb/eJZq+ch/fkjIywps6+lQKRTkRSkT7SzUuopRj4z0eWt7 hy7/WXdf9+55sR6VM2XTQi5Oj4xjJkzmrFuYc2tG9oLSc2M+11ouuY/DgaMGnilE HVFQ5L9OjV7fV3yPbxFIA2avu4BuCR2xwggQ0fNihAtcqmCiYSESfIsCvHcM+V4P AQIcEgyuW0KOPH7ygRcBFbniri+sYRAk96jRpZtccmCjw45DUZcFdeHWJheWcZNc chCvd465nBo= =EyM5 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0988", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "18.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "16.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "18.10" }, { "model": "nginx", "scope": "gt", "trust": 1.0, "vendor": "f5", "version": "1.15.0" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.15.6" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.14.1" }, { "model": "nginx", "scope": "gt", "trust": 1.0, "vendor": "f5", "version": "1.9.5" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.14.1" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.15.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.15.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.13.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.15.6" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.14.1" } ], "sources": [ { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.14.1", "versionStartExcluding": "1.9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.15.6", "versionStartExcluding": "1.15.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-16843" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gal Goldshtein from F5 Networks, and Maxim Konovalov (Nginx)", "sources": [ { "db": "BID", "id": "105868" } ], "trust": 0.3 }, "cve": "CVE-2018-16843", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16843", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-127243", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "secalert@redhat.com", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16843", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-16843", "trust": 1.8, "value": "HIGH" }, { "author": "secalert@redhat.com", "id": "CVE-2018-16843", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201811-131", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-127243", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-16843", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. An attacker can exploit this vulnerability to consume a large amount of memory space. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. ==========================================================================\nUbuntu Security Notice USN-3812-1\nNovember 07, 2018\n\nnginx vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled the HTTP/2 implementation. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nexcessive CPU usage, leading to a denial of service. This issue only\naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. \n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module\nmodule. A remote attacker could possibly use this issue with a specially\ncrafted mp4 file to cause nginx to crash, stop responding, or access\narbitrary memory. (CVE-2018-16845)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n nginx-common 1.15.5-0ubuntu2.1\n nginx-core 1.15.5-0ubuntu2.1\n nginx-extras 1.15.5-0ubuntu2.1\n nginx-full 1.15.5-0ubuntu2.1\n nginx-light 1.15.5-0ubuntu2.1\n\nUbuntu 18.04 LTS:\n nginx-common 1.14.0-0ubuntu1.2\n nginx-core 1.14.0-0ubuntu1.2\n nginx-extras 1.14.0-0ubuntu1.2\n nginx-full 1.14.0-0ubuntu1.2\n nginx-light 1.14.0-0ubuntu1.2\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.3\n nginx-core 1.10.3-0ubuntu0.16.04.3\n nginx-extras 1.10.3-0ubuntu0.16.04.3\n nginx-full 1.10.3-0ubuntu0.16.04.3\n nginx-light 1.10.3-0ubuntu0.16.04.3\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.9\n nginx-core 1.4.6-1ubuntu3.9\n nginx-extras 1.4.6-1ubuntu3.9\n nginx-full 1.4.6-1ubuntu3.9\n nginx-light 1.4.6-1ubuntu3.9\n\nIn general, a standard system update will make all the necessary changes. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2018:3653-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3653\nIssue date: 2018-11-26\nCVE Names: CVE-2018-16843 CVE-2018-16845 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nRed Hat would like to thank the Nginx project for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx110-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16843\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/vmotzjgjWX9erEAQgLFQ//c0AzsoAslgezACNt/7IQuf7IJy0o3ZJS\nRivGOSPey3gjDQDioSB5LYv5W89fmX5lQ8NsSmx/K+soAPpsz2OmwkFrJ3Mu9D/U\nDvE5WxP0TQcJOizA9k6huKhwtLYLmkMrnRmZUIJ/E6BiLVZbAP8/1CnoryK+JBum\nMl1oFeOZUgwz2x0pvBPVPqGsRBFK3cE1SRxnSHgvwchMxYKSTwrHMARYFUavOrmZ\nVVRbL8xIiCPCEl7/OPKO3QD4M2vXhMHRwaquZJS/A6+Vls53qGAjJ9q3iLE+sEl5\nLb3B3AkbOtURmmoKOb8wdWlo9YRHckG+4mLXonNCIUteSZDWukns8gKti+AcSyOs\ngZ4e+IXDahfnP1+Lg9StFthKexpGGwp/ASBi0OZ8ZmyA6IVQzGyXW7nADlrdolKj\n9q2zXQMPVFEtYu7tvDb/eJZq+ch/fkjIywps6+lQKRTkRSkT7SzUuopRj4z0eWt7\nhy7/WXdf9+55sR6VM2XTQi5Oj4xjJkzmrFuYc2tG9oLSc2M+11ouuY/DgaMGnilE\nHVFQ5L9OjV7fV3yPbxFIA2avu4BuCR2xwggQ0fNihAtcqmCiYSESfIsCvHcM+V4P\nAQIcEgyuW0KOPH7ygRcBFbniri+sYRAk96jRpZtccmCjw45DUZcFdeHWJheWcZNc\nchCvd465nBo=\n=EyM5\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "BID", "id": "105868" }, { "db": "VULHUB", "id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16843", "trust": 3.5 }, { "db": "BID", "id": "105868", "trust": 2.0 }, { "db": "SECTRACK", "id": "1042038", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-011775", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-131", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3384", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0464", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0451", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042571", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "150214", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150458", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150480", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150481", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150253", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-127243", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-16843", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "id": "VAR-201811-0988", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-127243" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:40:26.729000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-4335", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "title": "USN-3812-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3812-1/" }, { "title": "CVE-2018-16843, CVE-2018-16844", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "title": "nginx Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=86634" }, { "title": "Red Hat: Important: rh-nginx110-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183653 - security advisory" }, { "title": "Red Hat: Important: rh-nginx114-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183681 - security advisory" }, { "title": "Red Hat: Important: rh-nginx112-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183680 - security advisory" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3812-1" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347" }, { "title": "Red Hat: CVE-2018-16843", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-16843" }, { "title": "Amazon Linux AMI: ALAS-2018-1125", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1125" }, { "title": "anitazhaochen.github.io", "trust": 0.1, "url": "https://github.com/anitazhaochen/anitazhaochen.github.io " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "NVD", "id": "CVE-2018-16843" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843" }, { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "trust": 2.0, "url": "https://usn.ubuntu.com/3812-1/" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3653" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105868" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1042038" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16843" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2018-16843" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2018-16845" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1489143" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0464/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3384/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75522" }, { "trust": 0.6, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10960610" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042571" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-application-is-affected-by-nginx-vulnerabilities-cve-2018-16845-cve-2018-16843-cve-2019-7401/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16844" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.2" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3812-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.15.5-0ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-07T00:00:00", "db": "VULHUB", "id": "VHN-127243" }, { "date": "2018-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-16843" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "date": "2018-11-12T16:57:53", "db": "PACKETSTORM", "id": "150253" }, { "date": "2018-11-07T17:35:27", "db": "PACKETSTORM", "id": "150214" }, { "date": "2018-11-27T17:24:35", "db": "PACKETSTORM", "id": "150480" }, { "date": "2018-11-27T17:24:48", "db": "PACKETSTORM", "id": "150481" }, { "date": "2018-11-26T10:02:22", "db": "PACKETSTORM", "id": "150458" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2018-11-07T14:29:00.777000", "db": "NVD", "id": "CVE-2018-16843" }, { "date": "2018-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-127243" }, { "date": "2022-02-22T00:00:00", "db": "VULMON", "id": "CVE-2018-16843" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "date": "2022-02-22T19:27:12.350000", "db": "NVD", "id": "CVE-2018-16843" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "150214" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerable to resource exhaustion", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011775" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-131" } ], "trust": 0.6 } }
var-201204-0228
Vulnerability from variot
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. nginx is prone to an information-disclosure vulnerability. Attackers can exploit this issue to harvest sensitive information that may lead to further attacks. BUGTRAQ ID: 52578 CVE ID: CVE-2012-1180 nginx is a widely used high-performance web server. There is an information disclosure vulnerability in nginx's implementation of processing malformed HTTP responses from upstream servers. 0 nginx 1.0.9 nginx 1.0.8 nginx 1.0.10 Vendor patch: Igor Sysoev ----------- At present, the vendor has released an upgrade patch to fix this security problem, please go to the vendor's homepage to download: http ://nginx.net/. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.14 >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2012:043 http://www.mandriva.com/security/
Package : nginx Date : March 29, 2012 Affected: 2010.1, 2011.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1180
Updated Packages:
Mandriva Linux 2010.1: 44b081cef04380c1b45336962f9e9c4a 2010.1/i586/nginx-0.8.41-1.1mdv2010.2.i586.rpm ba57a417d0064fb122694b5dacedb1dd 2010.1/SRPMS/nginx-0.8.41-1.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 0008b13952f6f57c14efabeba5fbc717 2010.1/x86_64/nginx-0.8.41-1.1mdv2010.2.x86_64.rpm ba57a417d0064fb122694b5dacedb1dd 2010.1/SRPMS/nginx-0.8.41-1.1mdv2010.2.src.rpm
Mandriva Linux 2011: dd738ba12a2127a78731eabb19129045 2011/i586/nginx-1.0.5-1.1-mdv2011.0.i586.rpm 5ee13d12672c9cd141449bd0dc024479 2011/SRPMS/nginx-1.0.5-1.1.src.rpm
Mandriva Linux 2011/X86_64: d4af6f92f3508722e79dad2a5d12f269 2011/x86_64/nginx-1.0.5-1.1-mdv2011.0.x86_64.rpm 5ee13d12672c9cd141449bd0dc024479 2011/SRPMS/nginx-1.0.5-1.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFPc/zbmqjQ0CJFipgRAsXqAKCDpT1SDD6heEKkG4xtUvKB19ofhgCgihpF qZLFGHfgElxAFfkUZ3nIlDw= =VETw -----END PGP SIGNATURE----- .
For the stable distribution (squeeze), this problem has been fixed in version 0.7.67-3+squeeze2.
For the unstable distribution (sid), this problem has been fixed in version 1.1.17-1.
We recommend that you upgrade your nginx packages. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Debian update for nginx
SECUNIA ADVISORY ID: SA48465
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48465/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48465
RELEASE DATE: 2012-03-20
DISCUSS ADVISORY: http://secunia.com/advisories/48465/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48465/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48465
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Debian has issued an update for nginx. This fixes a weakness, which can be exploited by malicious people to disclose certain sensitive information.
For more information: SA48366
SOLUTION: Apply updated packages via the apt-get package manager.
ORIGINAL ADVISORY: DSA-2434-1: http://www.debian.org/security/2012/dsa-2434
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0228", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "17" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "15" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.1.17" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.0.14" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.1.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "16" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.1.0" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.1.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "0.7.44" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "0.7.45" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "0.7.43" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "0.7.41" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "0.7.39" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "0.7.40" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "0.7.46" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "0.7.42" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "0.7.48" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "0.7.47" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.10" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.9" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.8" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "1.1.17" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "1.0.14" } ], "sources": [ { "db": "BID", "id": "52578" }, { "db": "JVNDB", "id": "JVNDB-2012-002086" }, { "db": "NVD", "id": "CVE-2012-1180" }, { "db": "CNNVD", "id": "CNNVD-201203-375" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.14", "versionStartIncluding": "0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.17", "versionStartIncluding": "1.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2012-1180" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Matthew Daley", "sources": [ { "db": "BID", "id": "52578" } ], "trust": 0.3 }, "cve": "CVE-2012-1180", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2012-1180", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-54461", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2012-1180", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201203-375", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-54461", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-54461" }, { "db": "JVNDB", "id": "JVNDB-2012-002086" }, { "db": "NVD", "id": "CVE-2012-1180" }, { "db": "CNNVD", "id": "CNNVD-201203-375" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. nginx is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to harvest sensitive information that may lead to further attacks. BUGTRAQ ID: 52578 CVE ID: CVE-2012-1180 nginx is a widely used high-performance web server. There is an information disclosure vulnerability in nginx\u0027s implementation of processing malformed HTTP responses from upstream servers. 0 nginx 1.0.9 nginx 1.0.8 nginx 1.0.10 Vendor patch: Igor Sysoev ----------- At present, the vendor has released an upgrade patch to fix this security problem, please go to the vendor\u0027s homepage to download: http ://nginx.net/. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* nginx does not properly sanitize user input for the the WebDAV COPY\n or MOVE methods (CVE-2009-3898). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the nginx process, cause a Denial of Service condition,\ncreate or overwrite arbitrary files, or obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2012:043\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : nginx\n Date : March 29, 2012\n Affected: 2010.1, 2011. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1180\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2010.1:\n 44b081cef04380c1b45336962f9e9c4a 2010.1/i586/nginx-0.8.41-1.1mdv2010.2.i586.rpm \n ba57a417d0064fb122694b5dacedb1dd 2010.1/SRPMS/nginx-0.8.41-1.1mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 0008b13952f6f57c14efabeba5fbc717 2010.1/x86_64/nginx-0.8.41-1.1mdv2010.2.x86_64.rpm \n ba57a417d0064fb122694b5dacedb1dd 2010.1/SRPMS/nginx-0.8.41-1.1mdv2010.2.src.rpm\n\n Mandriva Linux 2011:\n dd738ba12a2127a78731eabb19129045 2011/i586/nginx-1.0.5-1.1-mdv2011.0.i586.rpm \n 5ee13d12672c9cd141449bd0dc024479 2011/SRPMS/nginx-1.0.5-1.1.src.rpm\n\n Mandriva Linux 2011/X86_64:\n d4af6f92f3508722e79dad2a5d12f269 2011/x86_64/nginx-1.0.5-1.1-mdv2011.0.x86_64.rpm \n 5ee13d12672c9cd141449bd0dc024479 2011/SRPMS/nginx-1.0.5-1.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPc/zbmqjQ0CJFipgRAsXqAKCDpT1SDD6heEKkG4xtUvKB19ofhgCgihpF\nqZLFGHfgElxAFfkUZ3nIlDw=\n=VETw\n-----END PGP SIGNATURE-----\n. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.7.67-3+squeeze2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.17-1. \n\nWe recommend that you upgrade your nginx packages. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDebian update for nginx\n\nSECUNIA ADVISORY ID:\nSA48465\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48465/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48465\n\nRELEASE DATE:\n2012-03-20\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48465/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48465/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48465\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nDebian has issued an update for nginx. This fixes a weakness, which\ncan be exploited by malicious people to disclose certain sensitive\ninformation. \n\nFor more information:\nSA48366\n\nSOLUTION:\nApply updated packages via the apt-get package manager. \n\nORIGINAL ADVISORY:\nDSA-2434-1:\nhttp://www.debian.org/security/2012/dsa-2434\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-1180" }, { "db": "JVNDB", "id": "JVNDB-2012-002086" }, { "db": "BID", "id": "52578" }, { "db": "VULHUB", "id": "VHN-54461" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111370" }, { "db": "PACKETSTORM", "id": "111001" }, { "db": "PACKETSTORM", "id": "111045" }, { "db": "PACKETSTORM", "id": "111263" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-1180", "trust": 3.1 }, { "db": "BID", "id": "52578", "trust": 2.0 }, { "db": "SECUNIA", "id": "48465", "trust": 1.8 }, { "db": "SECUNIA", "id": "48577", "trust": 1.8 }, { "db": "SECTRACK", "id": "1026827", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2012/03/15/5", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2012/03/15/9", "trust": 1.7 }, { "db": "OSVDB", "id": "80124", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2012-002086", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201203-375", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "111001", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "111370", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-60011", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-54461", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111273", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111045", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111263", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-54461" }, { "db": "BID", "id": "52578" }, { "db": "JVNDB", "id": "JVNDB-2012-002086" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111370" }, { "db": "PACKETSTORM", "id": "111001" }, { "db": "PACKETSTORM", "id": "111045" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2012-1180" }, { "db": "CNNVD", "id": "CNNVD-201203-375" } ] }, "id": "VAR-201204-0228", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-54461" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:24:50.896000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FEDORA-2012-4006", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-march/076671.html" }, { "title": "FEDORA-2012-3991", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-march/076646.html" }, { "title": "FEDORA-2012-3846", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/077966.html" }, { "title": "Changeset 4530", "trust": 0.8, "url": "http://trac.nginx.org/nginx/changeset/4530/nginx" }, { "title": "Changeset 4531", "trust": 0.8, "url": "http://trac.nginx.org/nginx/changeset/4531/nginx" }, { "title": "patch.2012.memory.txt", "trust": 0.8, "url": "http://nginx.org/download/patch.2012.memory.txt" }, { "title": "nginx security advisories", "trust": 0.8, "url": "http://nginx.org/en/security_advisories.html" }, { "title": "ngx_http_proxy_module", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42980" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002086" }, { "db": "CNNVD", "id": "CNNVD-201203-375" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.1 }, { "problemtype": "CWE-399", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-54461" }, { "db": "JVNDB", "id": "JVNDB-2012-002086" }, { "db": "NVD", "id": "CVE-2012-1180" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.debian.org/security/2012/dsa-2434" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/52578" }, { "trust": 2.0, "url": "http://seclists.org/bugtraq/2012/mar/65" }, { "trust": 2.0, "url": "http://trac.nginx.org/nginx/changeset/4530/nginx" }, { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803856" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1026827" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48465" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48577" }, { "trust": 1.7, "url": "http://osvdb.org/80124" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/077966.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-march/076646.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-march/076671.html" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:043" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2012/03/15/5" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2012/03/15/9" }, { "trust": 1.7, "url": "http://nginx.org/download/patch.2012.memory.txt" }, { "trust": 1.7, "url": "http://nginx.org/en/security_advisories.html" }, { "trust": 1.7, "url": "http://trac.nginx.org/nginx/changeset/4531/nginx" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74191" }, { "trust": 1.7, "url": "https://hermes.opensuse.org/messages/14173096" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1180" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1180" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180" }, { "trust": 0.2, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48465" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48465/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48465/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/#comments" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml" } ], "sources": [ { "db": "VULHUB", "id": "VHN-54461" }, { "db": "BID", "id": "52578" }, { "db": "JVNDB", "id": "JVNDB-2012-002086" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111370" }, { "db": "PACKETSTORM", "id": "111001" }, { "db": "PACKETSTORM", "id": "111045" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2012-1180" }, { "db": "CNNVD", "id": "CNNVD-201203-375" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-54461" }, { "db": "BID", "id": "52578" }, { "db": "JVNDB", "id": "JVNDB-2012-002086" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111370" }, { "db": "PACKETSTORM", "id": "111001" }, { "db": "PACKETSTORM", "id": "111045" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2012-1180" }, { "db": "CNNVD", "id": "CNNVD-201203-375" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-04-17T00:00:00", "db": "VULHUB", "id": "VHN-54461" }, { "date": "2012-03-15T00:00:00", "db": "BID", "id": "52578" }, { "date": "2012-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002086" }, { "date": "2012-03-29T02:37:12", "db": "PACKETSTORM", "id": "111273" }, { "date": "2012-03-30T00:15:51", "db": "PACKETSTORM", "id": "111370" }, { "date": "2012-03-20T15:34:43", "db": "PACKETSTORM", "id": "111001" }, { "date": "2012-03-21T07:16:12", "db": "PACKETSTORM", "id": "111045" }, { "date": "2012-03-28T06:36:19", "db": "PACKETSTORM", "id": "111263" }, { "date": "2012-04-17T21:55:01.227000", "db": "NVD", "id": "CVE-2012-1180" }, { "date": "2012-03-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201203-375" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-54461" }, { "date": "2015-04-13T22:13:00", "db": "BID", "id": "52578" }, { "date": "2012-06-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002086" }, { "date": "2021-11-10T15:57:01.280000", "db": "NVD", "id": "CVE-2012-1180" }, { "date": "2023-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201203-375" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201203-375" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerability in which important information is obtained", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002086" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201203-375" } ], "trust": 0.6 } }
var-201310-0633
Vulnerability from variot
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. Nginx is prone to an insecure file-permission vulnerability. Such information could aid in other attacks. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There is a security vulnerability in the default configuration of nginx 1.3.13 and earlier versions. The vulnerability stems from the fact that the program uses globally readable permissions for the access.log and error.log files. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-04
http://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: October 06, 2013 Bugs: #458726, #468870 ID: 201310-04
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Furthermore, a context-dependent attacker may be able to obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
References
[ 1 ] CVE-2013-0337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337 [ 2 ] CVE-2013-2028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028 [ 3 ] CVE-2013-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201310-0633", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.11" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.0.8" }, { "model": "nginx", "scope": "lte", "trust": 0.8, "vendor": "igor sysoev", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.0.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.0.11" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.0.10" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.0.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.10" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null } ], "sources": [ { "db": "BID", "id": "58105" }, { "db": "JVNDB", "id": "JVNDB-2013-004911" }, { "db": "NVD", "id": "CVE-2013-0337" }, { "db": "CNNVD", "id": "CNNVD-201302-530" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.3.13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-0337" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Agostino Sarubbo", "sources": [ { "db": "BID", "id": "58105" }, { "db": "CNNVD", "id": "CNNVD-201302-530" } ], "trust": 0.9 }, "cve": "CVE-2013-0337", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2013-0337", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-60339", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-0337", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201302-530", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-60339", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-60339" }, { "db": "JVNDB", "id": "JVNDB-2013-004911" }, { "db": "NVD", "id": "CVE-2013-0337" }, { "db": "CNNVD", "id": "CNNVD-201302-530" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. Nginx is prone to an insecure file-permission vulnerability. Such information could aid in other attacks. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There is a security vulnerability in the default configuration of nginx 1.3.13 and earlier versions. The vulnerability stems from the fact that the program uses globally readable permissions for the access.log and error.log files. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: October 06, 2013\n Bugs: #458726, #468870\n ID: 201310-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.4.1-r2 \u003e= 1.4.1-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could send a specially crafted request, possibly\nresulting in execution of arbitrary code with the privileges of the\nprocess, or a Denial of Service condition. Furthermore, a\ncontext-dependent attacker may be able to obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-0337\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337\n[ 2 ] CVE-2013-2028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028\n[ 3 ] CVE-2013-2070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2013-0337" }, { "db": "JVNDB", "id": "JVNDB-2013-004911" }, { "db": "BID", "id": "58105" }, { "db": "VULHUB", "id": "VHN-60339" }, { "db": "PACKETSTORM", "id": "123516" } ], "trust": 2.07 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-60339", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-60339" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-0337", "trust": 2.9 }, { "db": "SECUNIA", "id": "55181", "trust": 2.5 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2013/02/24/1", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2013/02/21/15", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2013/02/22/1", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2013-004911", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201302-530", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1717", "trust": 0.6 }, { "db": "BID", "id": "58105", "trust": 0.4 }, { "db": "PACKETSTORM", "id": "123516", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-60339", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-60339" }, { "db": "BID", "id": "58105" }, { "db": "JVNDB", "id": "JVNDB-2013-004911" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "NVD", "id": "CVE-2013-0337" }, { "db": "CNNVD", "id": "CNNVD-201302-530" } ] }, "id": "VAR-201310-0633", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-60339" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:48:13.420000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "GLSA 201310-04", "trust": 0.8, "url": "http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml" }, { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/ja/" }, { "title": "Nginx \u2018access.log\u2019 Fixes for insecure file permissions vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=90786" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-004911" }, { "db": "CNNVD", "id": "CNNVD-201302-530" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-60339" }, { "db": "JVNDB", "id": "JVNDB-2013-004911" }, { "db": "NVD", "id": "CVE-2013-0337" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://secunia.com/advisories/55181" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2013/02/22/1" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2013/02/21/15" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2013/02/24/1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0337" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0337" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1717/" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2013/q1/389" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0337" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0337" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2028" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2070" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2028" } ], "sources": [ { "db": "VULHUB", "id": "VHN-60339" }, { "db": "BID", "id": "58105" }, { "db": "JVNDB", "id": "JVNDB-2013-004911" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "NVD", "id": "CVE-2013-0337" }, { "db": "CNNVD", "id": "CNNVD-201302-530" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-60339" }, { "db": "BID", "id": "58105" }, { "db": "JVNDB", "id": "JVNDB-2013-004911" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "NVD", "id": "CVE-2013-0337" }, { "db": "CNNVD", "id": "CNNVD-201302-530" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-10-27T00:00:00", "db": "VULHUB", "id": "VHN-60339" }, { "date": "2013-02-21T00:00:00", "db": "BID", "id": "58105" }, { "date": "2013-10-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-004911" }, { "date": "2013-10-07T22:29:42", "db": "PACKETSTORM", "id": "123516" }, { "date": "2013-10-27T00:55:03.713000", "db": "NVD", "id": "CVE-2013-0337" }, { "date": "2013-02-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201302-530" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-60339" }, { "date": "2015-04-13T22:05:00", "db": "BID", "id": "58105" }, { "date": "2013-10-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-004911" }, { "date": "2021-11-10T15:57:02.123000", "db": "NVD", "id": "CVE-2013-0337" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201302-530" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201302-530" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerability in which important information is obtained in default settings", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-004911" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201302-530" } ], "trust": 0.6 } }
var-202210-1373
Vulnerability from variot
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5281-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2022 https://www.debian.org/security/faq
Package : nginx CVE ID : CVE-2022-41741 CVE-2022-41742
It was discovered that parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, could result in denial of service, memory disclosure or potentially the execution of arbitrary code when processing a malformed mp4 file.
This module is only enabled in the nginx-extras binary package.
For the stable distribution (bullseye), these problems have been fixed in version 1.18.0-6.1+deb11u3.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNz9JcACgkQEMKTtsN8 Tjb4tg/7BRkAkF48UvvRjLolxVVuV1paSTRG8ArEeW3fHyA0fxs2UMuRL4ic1vqc i3wxAAfHvYoOnk+QBY20Ly2MN7S7OukNovKE9AZCPulyYkVjtIWNSBeY0PzCU60y RP/KCZAGoGEYi6s4SUrK194ved+7jIcybgLvvGA8FRKW3wTRvzRGMfR6NTLuP7B3 th0C5+KkapE8G5XlHWOIjv1h3Ok40cua7LtYx9RTITJ+wClvkJ6gPcCXXj/CnWWa PUvuEBwyr0PEBXfL9v1P8Eq1MmN+mWU9KeLYxIC+vcJxtpsYL67tMHIGTlDUgDVE FrXrDXi7XP/6hjl7t/J/cTPEwy/twX0emUQcUDlRNlOxh3skSmdPJP7DMu+t9UtQ suepgZ+oHfHh3gs9EWz2zRqbsVO03NjhKo9ebIjhe3H0P39cX3NN5qlSJeNTY45k VBDecnPQnhYqYuzqwXy5ZoUQDcU0Bo7zaUzeYhUsfXqrROV/tj+UTMrM2anHdQ4B kAOrCBpmGP1lLvDs2PzBcWmBtII/5VTKZep05xH0L+dZWDV07j1ekCzv3/kuKiMl GTJQ7yl3fgKjLdkjMFKQIfsm3xdYwzxjOmtEY86tUV0LjtdR2GlJtF4YdIQhA4b1 /R82ZisLfmZ4ElL+ua8iypLOe9reyO4EpVVDkeewFS64Ye1Wn3k=3mDY -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1373", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx ingress controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.12.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "r1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.23.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "r2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.22.0" }, { "model": "nginx ingress controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "2.4.0" }, { "model": "nginx ingress controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "37" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "36" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "r27" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "r22" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.1.3" }, { "model": "nginx ingress controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "2.0.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.23.1" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41742" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.0", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.12.4", "versionStartIncluding": "1.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:plus:*:*:*", "cpe_name": [], "versionEndIncluding": "r27", "versionStartIncluding": "r22", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.23.1:*:*:*:open_source:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.23.0:*:*:*:open_source:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:open_source:*:*:*", "cpe_name": [], "versionEndIncluding": "1.22.0", "versionStartIncluding": "1.1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:r2:*:*:*:open_source_subscription:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:r1:*:*:*:open_source_subscription:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41742" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Debian", "sources": [ { "db": "PACKETSTORM", "id": "169909" } ], "trust": 0.1 }, "cve": "CVE-2022-41742", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-41742", "trust": 1.0, "value": "HIGH" }, { "author": "f5sirt@f5.com", "id": "CVE-2022-41742", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202210-1409", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41742" }, { "db": "NVD", "id": "CVE-2022-41742" }, { "db": "CNNVD", "id": "CNNVD-202210-1409" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5281-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 15, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nCVE ID : CVE-2022-41741 CVE-2022-41742\n\nIt was discovered that parsing errors in the mp4 module of Nginx, a\nhigh-performance web and reverse proxy server, could result in denial\nof service, memory disclosure or potentially the execution of arbitrary\ncode when processing a malformed mp4 file. \n\nThis module is only enabled in the nginx-extras binary package. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.18.0-6.1+deb11u3. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNz9JcACgkQEMKTtsN8\nTjb4tg/7BRkAkF48UvvRjLolxVVuV1paSTRG8ArEeW3fHyA0fxs2UMuRL4ic1vqc\ni3wxAAfHvYoOnk+QBY20Ly2MN7S7OukNovKE9AZCPulyYkVjtIWNSBeY0PzCU60y\nRP/KCZAGoGEYi6s4SUrK194ved+7jIcybgLvvGA8FRKW3wTRvzRGMfR6NTLuP7B3\nth0C5+KkapE8G5XlHWOIjv1h3Ok40cua7LtYx9RTITJ+wClvkJ6gPcCXXj/CnWWa\nPUvuEBwyr0PEBXfL9v1P8Eq1MmN+mWU9KeLYxIC+vcJxtpsYL67tMHIGTlDUgDVE\nFrXrDXi7XP/6hjl7t/J/cTPEwy/twX0emUQcUDlRNlOxh3skSmdPJP7DMu+t9UtQ\nsuepgZ+oHfHh3gs9EWz2zRqbsVO03NjhKo9ebIjhe3H0P39cX3NN5qlSJeNTY45k\nVBDecnPQnhYqYuzqwXy5ZoUQDcU0Bo7zaUzeYhUsfXqrROV/tj+UTMrM2anHdQ4B\nkAOrCBpmGP1lLvDs2PzBcWmBtII/5VTKZep05xH0L+dZWDV07j1ekCzv3/kuKiMl\nGTJQ7yl3fgKjLdkjMFKQIfsm3xdYwzxjOmtEY86tUV0LjtdR2GlJtF4YdIQhA4b1\n/R82ZisLfmZ4ElL+ua8iypLOe9reyO4EpVVDkeewFS64Ye1Wn3k=3mDY\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2022-41742" }, { "db": "VULHUB", "id": "VHN-438029" }, { "db": "PACKETSTORM", "id": "169909" } ], "trust": 1.08 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41742", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "169909", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.6109", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5959", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202210-1409", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-438029", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-438029" }, { "db": "PACKETSTORM", "id": "169909" }, { "db": "NVD", "id": "CVE-2022-41742" }, { "db": "CNNVD", "id": "CNNVD-202210-1409" } ] }, "id": "VAR-202210-1373", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-438029" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:08:17.042000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "F5 Nginx Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=237346" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-1409" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-438029" }, { "db": "NVD", "id": "CVE-2022-41742" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20230120-0005/" }, { "trust": 1.7, "url": "https://www.debian.org/security/2022/dsa-5281" }, { "trust": 1.7, "url": "https://support.f5.com/csp/article/k28112382" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bprvya4fs34vwb4fefynad7z2lfcjvei/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fd6m3pvvko35wlaa7gldbs6teq26sm64/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wborrvg7vvxyoaiad64zhes2u2viukfq/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wborrvg7vvxyoaiad64zhes2u2viukfq/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fd6m3pvvko35wlaa7gldbs6teq26sm64/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bprvya4fs34vwb4fefynad7z2lfcjvei/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5959" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41742/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/169909/debian-security-advisory-5281-1.html" }, { "trust": 0.6, "url": "http-mp4-module-39638" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/nginx-two-vulnerabilities-via-ngx-" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6109" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41741" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41742" } ], "sources": [ { "db": "VULHUB", "id": "VHN-438029" }, { "db": "PACKETSTORM", "id": "169909" }, { "db": "NVD", "id": "CVE-2022-41742" }, { "db": "CNNVD", "id": "CNNVD-202210-1409" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-438029" }, { "db": "PACKETSTORM", "id": "169909" }, { "db": "NVD", "id": "CVE-2022-41742" }, { "db": "CNNVD", "id": "CNNVD-202210-1409" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-19T00:00:00", "db": "VULHUB", "id": "VHN-438029" }, { "date": "2022-11-16T16:11:49", "db": "PACKETSTORM", "id": "169909" }, { "date": "2022-10-19T22:15:12.717000", "db": "NVD", "id": "CVE-2022-41742" }, { "date": "2022-10-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-1409" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-10T00:00:00", "db": "VULHUB", "id": "VHN-438029" }, { "date": "2023-11-07T03:52:58.440000", "db": "NVD", "id": "CVE-2022-41742" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-1409" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-1409" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "F5 Nginx Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-1409" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-1409" } ], "trust": 0.6 } }
var-201311-0399
Vulnerability from variot
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. nginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547 http://advisories.mageia.org/MGASA-2013-0349.html
Updated Packages:
Mandriva Business Server 1/X86_64: ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2802-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq
Package : nginx Vulnerability : restriction bypass Problem type : remote Debian-specific: no CVE ID : CVE-2013-4547 Debian Bug : 730012
Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request.
The oldstable distribution (squeeze) is not affected by this problem.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2.
For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST q9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO 3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6 Ddh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6 OHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f vAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw== =ttYS -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0399", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "12.3" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "lifecycle management server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "1.3" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.8.41" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.5.6" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.5.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "12.2" }, { "model": "studio onsite", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "1.3" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.4.4" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.4" }, { "model": "webyast", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.5.7" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.5.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.41 to 1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.8" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.1.17" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.10" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.9" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.8" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.40" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.1.19" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.15" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" } ], "sources": [ { "db": "BID", "id": "63814" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.4", "versionStartIncluding": "0.8.41", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.5.6", "versionStartIncluding": "1.5.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:suse:lifecycle_management_server:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:webyast:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-4547" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ivan Fratric of the Google Security Team", "sources": [ { "db": "BID", "id": "63814" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ], "trust": 0.9 }, "cve": "CVE-2013-4547", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2013-4547", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-64549", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-4547", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201311-336", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-64549", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2013-4547", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nnginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547\n http://advisories.mageia.org/MGASA-2013-0349.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm \n 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2802-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nNovember 21, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nVulnerability : restriction bypass\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4547\nDebian Bug : 730012\n\nIvan Fratric of the Google Security Team discovered a bug in nginx,\na web server, which might allow an attacker to bypass security\nrestrictions by using a specially crafted request. \n\nThe oldstable distribution (squeeze) is not affected by this problem. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST\nq9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO\n3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6\nDdh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6\nOHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f\nvAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw==\n=ttYS\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "BID", "id": "63814" }, { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "PACKETSTORM", "id": "124159" }, { "db": "PACKETSTORM", "id": "124145" } ], "trust": 2.25 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-64549", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38846", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-4547", "trust": 3.1 }, { "db": "SECUNIA", "id": "55825", "trust": 1.8 }, { "db": "SECUNIA", "id": "55757", "trust": 1.8 }, { "db": "SECUNIA", "id": "55822", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2013-005289", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201311-336", "trust": 0.7 }, { "db": "BID", "id": "63814", "trust": 0.5 }, { "db": "PACKETSTORM", "id": "124145", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "124159", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "38846", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-64549", "trust": 0.1 }, { "db": "EXPLOITDB", "id": "38846", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2013-4547", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "BID", "id": "63814" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "PACKETSTORM", "id": "124159" }, { "db": "PACKETSTORM", "id": "124145" }, { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "id": "VAR-201311-0399", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-64549" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:21:32.796000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-2802", "trust": 0.8, "url": "http://www.debian.org/security/2013/dsa-2802" }, { "title": "Top Page", "trust": 0.8, "url": "http://nginx.com/" }, { "title": "SUSE-SU-2013:1895", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html" }, { "title": "openSUSE-SU-2013:1791", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html" }, { "title": "openSUSE-SU-2013:1792", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html" }, { "title": "openSUSE-SU-2013:1745", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html" }, { "title": "nginx-1.5.7", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48998" }, { "title": "nginx-1.4.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48997" }, { "title": "nginx-1.4.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48996" }, { "title": "nginx-1.4.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=49035" }, { "title": "nginx-1.5.7", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48999" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2013-4547", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f4bb5a4a182af6a4c8ca260ef90a3d69" }, { "title": "Debian Security Advisories: DSA-2802-1 nginx -- restriction bypass", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0e9f3c319e9988b421581c9d566c73e5" }, { "title": "Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=703629f55868e4fc7623e469fe23486b" }, { "title": "Amazon Linux AMI: ALAS-2013-249", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2013-249" }, { "title": "DVWA-Note", "trust": 0.1, "url": "https://github.com/dhgdhg/dvwa- " }, { "title": "DVWA-Note", "trust": 0.1, "url": "https://github.com/twfb/dvwa-note " }, { "title": "DVWA-Note", "trust": 0.1, "url": "https://github.com/dhgdhg/dvwa " }, { "title": "usn-search", "trust": 0.1, "url": "https://github.com/lukeber4/usn-search " }, { "title": "Vision", "trust": 0.1, "url": "https://github.com/coolervoid/vision " }, { "title": "Vision2", "trust": 0.1, "url": "https://github.com/coolervoid/vision2 " }, { "title": "woodswiki", "trust": 0.1, "url": "https://github.com/woods-sega/woodswiki " } ], "sources": [ { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-116", "trust": 1.1 }, { "problemtype": "CWE-264", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "NVD", "id": "CVE-2013-4547" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.debian.org/security/2012/dsa-2802" }, { "trust": 2.1, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" }, { "trust": 1.8, "url": "http://secunia.com/advisories/55757" }, { "trust": 1.8, "url": "http://secunia.com/advisories/55822" }, { "trust": 1.8, "url": "http://secunia.com/advisories/55825" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4547" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4547" }, { "trust": 0.3, "url": "http://nginx.org/download/patch.2013.space.txt" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671931" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4547" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/116.html" }, { "trust": 0.1, "url": "https://github.com/dhgdhg/dvwa-" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/38846/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/63814" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-2802" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2013-0349.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "BID", "id": "63814" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "PACKETSTORM", "id": "124159" }, { "db": "PACKETSTORM", "id": "124145" }, { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "BID", "id": "63814" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "PACKETSTORM", "id": "124159" }, { "db": "PACKETSTORM", "id": "124145" }, { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-11-23T00:00:00", "db": "VULHUB", "id": "VHN-64549" }, { "date": "2013-11-23T00:00:00", "db": "VULMON", "id": "CVE-2013-4547" }, { "date": "2013-11-19T00:00:00", "db": "BID", "id": "63814" }, { "date": "2013-11-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "date": "2013-11-25T17:07:04", "db": "PACKETSTORM", "id": "124159" }, { "date": "2013-11-22T21:29:14", "db": "PACKETSTORM", "id": "124145" }, { "date": "2013-11-23T18:55:04.687000", "db": "NVD", "id": "CVE-2013-4547" }, { "date": "2013-11-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-64549" }, { "date": "2021-11-10T00:00:00", "db": "VULMON", "id": "CVE-2013-4547" }, { "date": "2015-05-07T17:10:00", "db": "BID", "id": "63814" }, { "date": "2013-12-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "date": "2021-11-10T15:59:33.657000", "db": "NVD", "id": "CVE-2013-4547" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201311-336" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerabilities that bypass restrictions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005289" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201311-336" } ], "trust": 0.6 } }
var-202107-1672
Vulnerability from variot
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. F5 Networks of nginx Products from other vendors contain vulnerabilities related to certificate validation.Information may be obtained and information may be tampered with. (CVE-2020-11724). ========================================================================== Ubuntu Security Notice USN-5371-2 April 28, 2022
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
nginx could be made to redirect network traffic.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
USN-5371-1 fixed several vulnerabilities in nginx. This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11724)
It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-36309)
It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. (CVE-2021-3618)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: nginx-core 1.18.0-6ubuntu14.1 nginx-extras 1.18.0-6ubuntu14.1 nginx-light 1.18.0-6ubuntu14.1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5371-2 https://ubuntu.com/security/notices/USN-5371-1 CVE-2021-3618
Package Information: https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-1672", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "vsftpd", "scope": "lt", "trust": 1.0, "vendor": "vsftpd", "version": "3.0.4" }, { "model": "sendmail", "scope": "lt", "trust": 1.0, "vendor": "sendmail", "version": "8.17" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.21.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "vsftpd", "scope": null, "trust": 0.8, "vendor": "vsftpd", "version": null }, { "model": "nginx", "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "sendmail", "scope": null, "trust": 0.8, "vendor": "sendmail consortium", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-019676" }, { "db": "NVD", "id": "CVE-2021-3618" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.21.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:vsftpd_project:vsftpd:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-3618" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ubuntu", "sources": [ { "db": "PACKETSTORM", "id": "166709" }, { "db": "PACKETSTORM", "id": "168672" }, { "db": "PACKETSTORM", "id": "166888" }, { "db": "PACKETSTORM", "id": "174729" } ], "trust": 0.4 }, "cve": "CVE-2021-3618", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-3618", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-395783", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.4, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-3618", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-3618", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202107-216", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-395783", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-3618", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-395783" }, { "db": "VULMON", "id": "CVE-2021-3618" }, { "db": "JVNDB", "id": "JVNDB-2021-019676" }, { "db": "NVD", "id": "CVE-2021-3618" }, { "db": "CNNVD", "id": "CNNVD-202107-216" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim\u0027s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. F5 Networks of nginx Products from other vendors contain vulnerabilities related to certificate validation.Information may be obtained and information may be tampered with. (CVE-2020-11724). ==========================================================================\nUbuntu Security Notice USN-5371-2\nApril 28, 2022\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nnginx could be made to redirect network traffic. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nUSN-5371-1 fixed several vulnerabilities in nginx. \nThis update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS. \n\nOriginal advisory details:\n\n It was discovered that nginx Lua module mishandled certain inputs. \n An attacker could possibly use this issue to perform an HTTP Request\n Smuggling attack. This issue only affects Ubuntu 18.04 LTS and\n Ubuntu 20.04 LTS. (CVE-2020-11724)\n\n It was discovered that nginx Lua module mishandled certain inputs. \n An attacker could possibly use this issue to disclose sensitive\n information. This issue only affects Ubuntu 18.04 LTS and\n Ubuntu 20.04 LTS. (CVE-2020-36309)\n\n It was discovered that nginx mishandled the use of\n compatible certificates among multiple encryption protocols. \n (CVE-2021-3618)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n nginx-core 1.18.0-6ubuntu14.1\n nginx-extras 1.18.0-6ubuntu14.1\n nginx-light 1.18.0-6ubuntu14.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5371-2\n https://ubuntu.com/security/notices/USN-5371-1\n CVE-2021-3618\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1\n\n", "sources": [ { "db": "NVD", "id": "CVE-2021-3618" }, { "db": "JVNDB", "id": "JVNDB-2021-019676" }, { "db": "VULHUB", "id": "VHN-395783" }, { "db": "VULMON", "id": "CVE-2021-3618" }, { "db": "PACKETSTORM", "id": "166709" }, { "db": "PACKETSTORM", "id": "168672" }, { "db": "PACKETSTORM", "id": "166888" }, { "db": "PACKETSTORM", "id": "174729" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-3618", "trust": 3.8 }, { "db": "PACKETSTORM", "id": "168672", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-019676", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "166709", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166888", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.6109", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1628", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.6139", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042817", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010906", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041422", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-216", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-395783", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-3618", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "174729", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-395783" }, { "db": "VULMON", "id": "CVE-2021-3618" }, { "db": "JVNDB", "id": "JVNDB-2021-019676" }, { "db": "PACKETSTORM", "id": "166709" }, { "db": "PACKETSTORM", "id": "168672" }, { "db": "PACKETSTORM", "id": "166888" }, { "db": "PACKETSTORM", "id": "174729" }, { "db": "NVD", "id": "CVE-2021-3618" }, { "db": "CNNVD", "id": "CNNVD-202107-216" } ] }, "id": "VAR-202107-1672", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-395783" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:58:31.706000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "title": "nginx Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=155955" }, { "title": "Ubuntu Security Notice: USN-5371-3: nginx vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5371-3" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2021-3618", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ef1074892d0995f0a511641c443018df" }, { "title": "Ubuntu Security Notice: USN-5371-2: nginx vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5371-2" }, { "title": "Ubuntu Security Notice: USN-5371-1: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5371-1" }, { "title": "Amazon Linux 2: ALASNGINX1-2023-002", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alasnginx1-2023-002" }, { "title": "Red Hat: CVE-2021-3618", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-3618" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-3618 log" }, { "title": "Amazon Linux 2022: ALAS2022-2022-172", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-172" }, { "title": "Amazon Linux 2022: ALAS2022-2022-132", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-132" }, { "title": "Amazon Linux 2022: ALAS2022-2022-171", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-171" }, { "title": "Amazon Linux 2022: ALAS2022-2022-136", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-136" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-3618 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-3618" }, { "db": "JVNDB", "id": "JVNDB-2021-019676" }, { "db": "CNNVD", "id": "CNNVD-202107-216" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.1 }, { "problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-395783" }, { "db": "JVNDB", "id": "JVNDB-2021-019676" }, { "db": "NVD", "id": "CVE-2021-3618" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://alpaca-attack.com/" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3618" }, { "trust": 0.6, "url": "https://ubuntu.com/security/cve-2021-3618" }, { "trust": 0.6, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329" }, { "trust": 0.6, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328" }, { "trust": 0.6, "url": "https://github.com/nginx/nginx/commit/173f16f736c10eae46cd15dd861b04b82d91a37a" }, { "trust": 0.6, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010906" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6489853" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041422" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/nginx-man-in-the-middle-via-the-tls-extension-alpn-35818" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168672/ubuntu-security-notice-usn-5371-3.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6514817" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-3618/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042817" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166709/ubuntu-security-notice-usn-5371-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1628" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6109" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166888/ubuntu-security-notice-usn-5371-2.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.6139" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36309" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11724" }, { "trust": 0.3, "url": "https://ubuntu.com/security/notices/usn-5371-1" }, { "trust": 0.2, "url": "https://ubuntu.com/security/notices/usn-5371-3" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/295.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-3618" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu11.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.10" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5371-2" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-6379-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/vsftpd/3.0.5-0ubuntu0.20.04.1" } ], "sources": [ { "db": "VULHUB", "id": "VHN-395783" }, { "db": "VULMON", "id": "CVE-2021-3618" }, { "db": "JVNDB", "id": "JVNDB-2021-019676" }, { "db": "PACKETSTORM", "id": "166709" }, { "db": "PACKETSTORM", "id": "168672" }, { "db": "PACKETSTORM", "id": "166888" }, { "db": "PACKETSTORM", "id": "174729" }, { "db": "NVD", "id": "CVE-2021-3618" }, { "db": "CNNVD", "id": "CNNVD-202107-216" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-395783" }, { "db": "VULMON", "id": "CVE-2021-3618" }, { "db": "JVNDB", "id": "JVNDB-2021-019676" }, { "db": "PACKETSTORM", "id": "166709" }, { "db": "PACKETSTORM", "id": "168672" }, { "db": "PACKETSTORM", "id": "166888" }, { "db": "PACKETSTORM", "id": "174729" }, { "db": "NVD", "id": "CVE-2021-3618" }, { "db": "CNNVD", "id": "CNNVD-202107-216" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-23T00:00:00", "db": "VULHUB", "id": "VHN-395783" }, { "date": "2022-03-23T00:00:00", "db": "VULMON", "id": "CVE-2021-3618" }, { "date": "2023-08-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-019676" }, { "date": "2022-04-13T15:03:13", "db": "PACKETSTORM", "id": "166709" }, { "date": "2022-10-10T16:13:35", "db": "PACKETSTORM", "id": "168672" }, { "date": "2022-04-28T15:18:16", "db": "PACKETSTORM", "id": "166888" }, { "date": "2023-09-19T15:23:43", "db": "PACKETSTORM", "id": "174729" }, { "date": "2022-03-23T20:15:09.833000", "db": "NVD", "id": "CVE-2021-3618" }, { "date": "2021-07-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-216" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-09T00:00:00", "db": "VULHUB", "id": "VHN-395783" }, { "date": "2023-02-09T00:00:00", "db": "VULMON", "id": "CVE-2021-3618" }, { "date": "2023-08-10T07:42:00", "db": "JVNDB", "id": "JVNDB-2021-019676" }, { "date": "2023-02-09T02:03:34.457000", "db": "NVD", "id": "CVE-2021-3618" }, { "date": "2023-05-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-216" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "168672" }, { "db": "PACKETSTORM", "id": "174729" }, { "db": "CNNVD", "id": "CNNVD-202107-216" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "F5\u00a0Networks\u00a0 of \u00a0nginx\u00a0 Vulnerability related to certificate verification in products of multiple vendors", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-019676" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-216" } ], "trust": 0.6 } }
var-201602-0393
Vulnerability from variot
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There are security vulnerabilities in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
-
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2892-1 February 09, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.1 nginx-extras 1.9.3-1ubuntu1.1 nginx-full 1.9.3-1ubuntu1.1 nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.4 nginx-extras 1.4.6-1ubuntu3.4 nginx-full 1.4.6-1ubuntu3.4 nginx-light 1.4.6-1ubuntu3.4 nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0393", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "8.0" }, { "model": "leap", "scope": "eq", "trust": 1.4, "vendor": "novell", "version": "42.1" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.9.10" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "software collections", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.8.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.1" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.9.10" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.9.x" }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "1.2" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "15.10" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "14.04 lts" }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "8.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.6.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" } ], "sources": [ { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "NVD", "id": "CVE-2016-0742" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.1", "versionStartIncluding": "0.6.18", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.9.10", "versionStartIncluding": "1.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-0742" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "82230" } ], "trust": 0.3 }, "cve": "CVE-2016-0742", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-0742", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-88252", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-0742", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-0742", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201602-057", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-88252", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-0742", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-88252" }, { "db": "VULMON", "id": "CVE-2016-0742" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "NVD", "id": "CVE-2016-0742" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. There are security vulnerabilities in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if\nthe \"resolver\" directive is used in a configuration file. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1. \n\nWe recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). \n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible\nfor saving client request body to a temporary file. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2892-1\nFebruary 09, 2016\n\nnginx vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n(CVE-2016-0747)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.1\n nginx-extras 1.9.3-1ubuntu1.1\n nginx-full 1.9.3-1ubuntu1.1\n nginx-light 1.9.3-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.4\n nginx-extras 1.4.6-1ubuntu3.4\n nginx-full 1.4.6-1ubuntu3.4\n nginx-light 1.4.6-1ubuntu3.4\n nginx-naxsi 1.4.6-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2016-0742" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "BID", "id": "82230" }, { "db": "VULHUB", "id": "VHN-88252" }, { "db": "VULMON", "id": "CVE-2016-0742" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0742", "trust": 3.4 }, { "db": "SECTRACK", "id": "1034869", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001524", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201602-057", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "BID", "id": "82230", "trust": 0.4 }, { "db": "PACKETSTORM", "id": "137908", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "135684", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "137518", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "135738", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-88252", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-0742", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88252" }, { "db": "VULMON", "id": "CVE-2016-0742" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0742" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "id": "VAR-201602-0393", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-88252" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:49:52.047000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-3473", "trust": 0.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "title": "openSUSE-SU-2016:0371", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "title": "Bug 1302587", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587" }, { "title": "USN-2892-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2892-1/" }, { "title": "nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "title": "nginx resolver Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=60054" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2892-1" }, { "title": "Red Hat: CVE-2016-0742", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-0742" }, { "title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7" }, { "title": "Amazon Linux AMI: ALAS-2016-655", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-655" }, { "title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-0742" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88252" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "NVD", "id": "CVE-2016-0742" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201606-06" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2016:1425" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2892-1" }, { "trust": 1.8, "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1034869" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0742" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0742" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237" }, { "trust": 0.3, "url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/476.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2892-1/" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/82230" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0742" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0747" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0746" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4450" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-88252" }, { "db": "VULMON", "id": "CVE-2016-0742" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0742" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-88252" }, { "db": "VULMON", "id": "CVE-2016-0742" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0742" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-15T00:00:00", "db": "VULHUB", "id": "VHN-88252" }, { "date": "2016-02-15T00:00:00", "db": "VULMON", "id": "CVE-2016-0742" }, { "date": "2016-01-29T00:00:00", "db": "BID", "id": "82230" }, { "date": "2016-03-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "date": "2016-02-12T19:22:00", "db": "PACKETSTORM", "id": "135738" }, { "date": "2016-07-14T20:08:00", "db": "PACKETSTORM", "id": "137908" }, { "date": "2016-06-17T23:50:23", "db": "PACKETSTORM", "id": "137518" }, { "date": "2016-02-10T03:55:35", "db": "PACKETSTORM", "id": "135684" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2016-02-15T19:59:00.107000", "db": "NVD", "id": "CVE-2016-0742" }, { "date": "2016-01-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-88252" }, { "date": "2021-09-22T00:00:00", "db": "VULMON", "id": "CVE-2016-0742" }, { "date": "2016-10-26T00:01:00", "db": "BID", "id": "82230" }, { "date": "2016-03-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "date": "2021-12-15T17:13:25.617000", "db": "NVD", "id": "CVE-2016-0742" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001524" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201602-057" } ], "trust": 0.6 } }
var-201602-0392
Vulnerability from variot
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There is a use-after-free vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
-
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver 1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver 1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver 1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2892-1 February 09, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.1 nginx-extras 1.9.3-1ubuntu1.1 nginx-full 1.9.3-1ubuntu1.1 nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.4 nginx-extras 1.4.6-1ubuntu3.4 nginx-full 1.4.6-1ubuntu3.4 nginx-light 1.4.6-1ubuntu3.4 nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0392", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.9.10" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.8.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.1" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.9.10" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.9.x" }, { "model": "leap", "scope": "eq", "trust": 0.8, "vendor": "novell", "version": "42.1" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "15.10" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "14.04 lts" }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "8.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.8" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.7" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.6.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" } ], "sources": [ { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.8.0", "versionStartIncluding": "0.6.18", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.9.10", "versionStartIncluding": "1.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-0746" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "82230" } ], "trust": 0.3 }, "cve": "CVE-2016-0746", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-0746", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-88256", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-0746", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2016-0746", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201602-058", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-88256", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-0746", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-88256" }, { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. There is a use-after-free vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if\nthe \"resolver\" directive is used in a configuration file. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1. \n\nWe recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). \n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible\nfor saving client request body to a temporary file. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver\n1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver\n1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver\n1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2892-1\nFebruary 09, 2016\n\nnginx vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n(CVE-2016-0747)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.1\n nginx-extras 1.9.3-1ubuntu1.1\n nginx-full 1.9.3-1ubuntu1.1\n nginx-light 1.9.3-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.4\n nginx-extras 1.4.6-1ubuntu3.4\n nginx-full 1.4.6-1ubuntu3.4\n nginx-light 1.4.6-1ubuntu3.4\n nginx-naxsi 1.4.6-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "BID", "id": "82230" }, { "db": "VULHUB", "id": "VHN-88256" }, { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0746", "trust": 3.4 }, { "db": "SECTRACK", "id": "1034869", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001744", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201602-058", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "BID", "id": "82230", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-88256", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-0746", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135738", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137908", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137518", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135684", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88256" }, { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "id": "VAR-201602-0392", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-88256" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:15:54.978000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-3473", "trust": 0.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "title": "openSUSE-SU-2016:0371", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "title": "Bug 1302588", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588" }, { "title": "USN-2892-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2892-1/" }, { "title": "CVE-2016-0742, CVE-2016-0746, CVE-2016-0747", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "title": "nginx resolver Remediation measures for reusing vulnerabilities after release", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=60055" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2892-1" }, { "title": "Red Hat: CVE-2016-0746", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-0746" }, { "title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7" }, { "title": "Amazon Linux AMI: ALAS-2016-655", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-655" }, { "title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88256" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "NVD", "id": "CVE-2016-0746" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201606-06" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2016:1425" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2892-1" }, { "trust": 1.8, "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1034869" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0746" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0746" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237" }, { "trust": 0.3, "url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/416.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2892-1/" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/82230" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0742" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0747" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0746" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4450" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-88256" }, { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-88256" }, { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-15T00:00:00", "db": "VULHUB", "id": "VHN-88256" }, { "date": "2016-02-15T00:00:00", "db": "VULMON", "id": "CVE-2016-0746" }, { "date": "2016-01-29T00:00:00", "db": "BID", "id": "82230" }, { "date": "2016-03-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "date": "2016-02-12T19:22:00", "db": "PACKETSTORM", "id": "135738" }, { "date": "2016-07-14T20:08:00", "db": "PACKETSTORM", "id": "137908" }, { "date": "2016-06-17T23:50:23", "db": "PACKETSTORM", "id": "137518" }, { "date": "2016-02-10T03:55:35", "db": "PACKETSTORM", "id": "135684" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2016-02-15T19:59:01.157000", "db": "NVD", "id": "CVE-2016-0746" }, { "date": "2016-01-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-88256" }, { "date": "2021-09-22T00:00:00", "db": "VULMON", "id": "CVE-2016-0746" }, { "date": "2016-10-26T00:01:00", "db": "BID", "id": "82230" }, { "date": "2016-03-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "date": "2021-12-16T18:43:07.100000", "db": "NVD", "id": "CVE-2016-0746" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001744" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201602-058" } ], "trust": 0.6 } }
var-201811-0986
Vulnerability from variot
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages. ========================================================================== Ubuntu Security Notice USN-3812-1 November 07, 2018
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)
Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844)
It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: nginx-common 1.15.5-0ubuntu2.1 nginx-core 1.15.5-0ubuntu2.1 nginx-extras 1.15.5-0ubuntu2.1 nginx-full 1.15.5-0ubuntu2.1 nginx-light 1.15.5-0ubuntu2.1
Ubuntu 18.04 LTS: nginx-common 1.14.0-0ubuntu1.2 nginx-core 1.14.0-0ubuntu1.2 nginx-extras 1.14.0-0ubuntu1.2 nginx-full 1.14.0-0ubuntu1.2 nginx-light 1.14.0-0ubuntu1.2
Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.3 nginx-core 1.10.3-0ubuntu0.16.04.3 nginx-extras 1.10.3-0ubuntu0.16.04.3 nginx-full 1.10.3-0ubuntu0.16.04.3 nginx-light 1.10.3-0ubuntu0.16.04.3
Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.9 nginx-core 1.4.6-1ubuntu3.9 nginx-extras 1.4.6-1ubuntu3.9 nginx-full 1.4.6-1ubuntu3.9 nginx-light 1.4.6-1ubuntu3.9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx114-nginx security update Advisory ID: RHSA-2018:3681-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3681 Issue date: 2018-11-27 CVE Names: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 ==================================================================== 1. Summary:
An update for rh-nginx114-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1).
Red Hat would like to thank the Nginx project for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx114-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
aarch64: rh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
aarch64: rh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16843 https://access.redhat.com/security/cve/CVE-2018-16844 https://access.redhat.com/security/cve/CVE-2018-16845 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW/0L0tzjgjWX9erEAQi/dA//TeRNgNBL26V6hp7bf1NojNPyPdOdgyEb VvJJMTCvsafmFT15/SzElx34Dy6OLqqreBkNj39zMH9fK64CS3XhjEAyazyp+kMO SEXRR8+0f1ZLcHRkR0ODWKqXI9yFYAWLjrq8pXw2877P8DrR2qm8O+e6HqFXU11w nIWJB/AvnoX2bAlXXkXfN4nX712bPXp435vI5YRizho+/Ihb/mRlWMx+Bn8ma/xW J793HiOmdZrugXTvn/34A8vPY04wRcn6tPhMzob6FT/CBLhsTXUmBbQxQUnNboaJ oaaf/RD+IIpgqpxEk41p+Jtq5SiOfQ9KB9gbyzXpaarjZwYLm3BwrpnIES6Cd3BM ScqMrIthu/9ZOQLpPET6ypuBYU53xwPHlhBBNnA+MGjz4mrvzc7WTgoFsV1VFAfY 3TXlFkfv6cRV5IEoHa4GBaR+1g2lzvi8iirep09bqtv5VFJsD+RwspY1OZOVB4st fXXSzVsWuzFGFYkFBTyuKzJkhBrl3BHjK8VRuBlNTBMvLa5Q+YmOmzAQAmmKoZYn JeBulCz6hSJ8lHN8GiQxkqeOMZz3XUe0L4mAdkk+UqBxUrB16nDRxBUVpqMbulJl IyAqBeA4ekIvf376D6Jh0VDEkLfpesjoFACdVwdjKzLJI9e7ljut81rwmCtmWT7i vpRowVLRFpwoP7 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0986", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.15.6" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.14.1" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.15.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.5" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.0.7" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.14.1" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.15.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.0.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.0.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.0.4" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.15.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.13.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.15.6" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.14.1" } ], "sources": [ { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.14.1", "versionStartIncluding": "1.9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.15.6", "versionStartIncluding": "1.15.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-16844" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gal Goldshtein from F5 Networks, and Maxim Konovalov (Nginx)", "sources": [ { "db": "BID", "id": "105868" } ], "trust": 0.3 }, "cve": "CVE-2018-16844", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16844", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-127244", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "secalert@redhat.com", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16844", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-16844", "trust": 1.8, "value": "HIGH" }, { "author": "secalert@redhat.com", "id": "CVE-2018-16844", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201811-120", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-127244", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-16844", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. ==========================================================================\nUbuntu Security Notice USN-3812-1\nNovember 07, 2018\n\nnginx vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled the HTTP/2 implementation. \nA remote attacker could possibly use this issue to cause excessive memory\nconsumption, leading to a denial of service. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nexcessive CPU usage, leading to a denial of service. This issue only\naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. \n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module\nmodule. A remote attacker could possibly use this issue with a specially\ncrafted mp4 file to cause nginx to crash, stop responding, or access\narbitrary memory. (CVE-2018-16845)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n nginx-common 1.15.5-0ubuntu2.1\n nginx-core 1.15.5-0ubuntu2.1\n nginx-extras 1.15.5-0ubuntu2.1\n nginx-full 1.15.5-0ubuntu2.1\n nginx-light 1.15.5-0ubuntu2.1\n\nUbuntu 18.04 LTS:\n nginx-common 1.14.0-0ubuntu1.2\n nginx-core 1.14.0-0ubuntu1.2\n nginx-extras 1.14.0-0ubuntu1.2\n nginx-full 1.14.0-0ubuntu1.2\n nginx-light 1.14.0-0ubuntu1.2\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.3\n nginx-core 1.10.3-0ubuntu0.16.04.3\n nginx-extras 1.10.3-0ubuntu0.16.04.3\n nginx-full 1.10.3-0ubuntu0.16.04.3\n nginx-light 1.10.3-0ubuntu0.16.04.3\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.9\n nginx-core 1.4.6-1ubuntu3.9\n nginx-extras 1.4.6-1ubuntu3.9\n nginx-full 1.4.6-1ubuntu3.9\n nginx-light 1.4.6-1ubuntu3.9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx114-nginx security update\nAdvisory ID: RHSA-2018:3681-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3681\nIssue date: 2018-11-27\nCVE Names: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845\n====================================================================\n1. Summary:\n\nAn update for rh-nginx114-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1). \n\nRed Hat would like to thank the Nginx project for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx114-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16843\nhttps://access.redhat.com/security/cve/CVE-2018-16844\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/0L0tzjgjWX9erEAQi/dA//TeRNgNBL26V6hp7bf1NojNPyPdOdgyEb\nVvJJMTCvsafmFT15/SzElx34Dy6OLqqreBkNj39zMH9fK64CS3XhjEAyazyp+kMO\nSEXRR8+0f1ZLcHRkR0ODWKqXI9yFYAWLjrq8pXw2877P8DrR2qm8O+e6HqFXU11w\nnIWJB/AvnoX2bAlXXkXfN4nX712bPXp435vI5YRizho+/Ihb/mRlWMx+Bn8ma/xW\nJ793HiOmdZrugXTvn/34A8vPY04wRcn6tPhMzob6FT/CBLhsTXUmBbQxQUnNboaJ\noaaf/RD+IIpgqpxEk41p+Jtq5SiOfQ9KB9gbyzXpaarjZwYLm3BwrpnIES6Cd3BM\nScqMrIthu/9ZOQLpPET6ypuBYU53xwPHlhBBNnA+MGjz4mrvzc7WTgoFsV1VFAfY\n3TXlFkfv6cRV5IEoHa4GBaR+1g2lzvi8iirep09bqtv5VFJsD+RwspY1OZOVB4st\nfXXSzVsWuzFGFYkFBTyuKzJkhBrl3BHjK8VRuBlNTBMvLa5Q+YmOmzAQAmmKoZYn\nJeBulCz6hSJ8lHN8GiQxkqeOMZz3XUe0L4mAdkk+UqBxUrB16nDRxBUVpqMbulJl\nIyAqBeA4ekIvf376D6Jh0VDEkLfpesjoFACdVwdjKzLJI9e7ljut81rwmCtmWT7i\nvpRowVLRFpwoP7\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "BID", "id": "105868" }, { "db": "VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16844", "trust": 3.4 }, { "db": "BID", "id": "105868", "trust": 2.0 }, { "db": "SECTRACK", "id": "1042038", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-011776", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-120", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3384", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0451", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042571", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-127244", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-16844", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150214", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150480", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150481", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "id": "VAR-201811-0986", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-127244" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:39:52.652000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-4335", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "title": "USN-3812-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3812-1/" }, { "title": "CVE-2018-16843, CVE-2018-16844", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "title": "Nginx Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=86627" }, { "title": "Red Hat: Important: rh-nginx114-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183681 - security advisory" }, { "title": "Red Hat: Important: rh-nginx112-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183680 - security advisory" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3812-1" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347" }, { "title": "Red Hat: CVE-2018-16844", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-16844" }, { "title": "Amazon Linux AMI: ALAS-2018-1125", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1125" }, { "title": "anitazhaochen.github.io", "trust": 0.1, "url": "https://github.com/anitazhaochen/anitazhaochen.github.io " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "NVD", "id": "CVE-2018-16844" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844" }, { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "trust": 2.0, "url": "https://usn.ubuntu.com/3812-1/" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105868" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1042038" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16844" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3384/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75522" }, { "trust": 0.6, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10960610" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042571" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16843" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16844" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16845" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.2" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3812-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.15.5-0ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-07T00:00:00", "db": "VULHUB", "id": "VHN-127244" }, { "date": "2018-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-16844" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "date": "2018-11-12T16:57:53", "db": "PACKETSTORM", "id": "150253" }, { "date": "2018-11-07T17:35:27", "db": "PACKETSTORM", "id": "150214" }, { "date": "2018-11-27T17:24:35", "db": "PACKETSTORM", "id": "150480" }, { "date": "2018-11-27T17:24:48", "db": "PACKETSTORM", "id": "150481" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2018-11-07T14:29:00.837000", "db": "NVD", "id": "CVE-2018-16844" }, { "date": "2018-11-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-127244" }, { "date": "2022-02-22T00:00:00", "db": "VULMON", "id": "CVE-2018-16844" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "date": "2022-02-22T19:27:12.300000", "db": "NVD", "id": "CVE-2018-16844" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "150214" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerable to resource exhaustion", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011776" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-120" } ], "trust": 0.6 } }
var-202106-1921
Vulnerability from variot
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-38
https://security.gentoo.org/
Severity: High Title: nginx: Remote code execution Date: May 26, 2021 Bugs: #792087 ID: 202105-38
Synopsis
A vulnerability in nginx could lead to remote code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.21.0 >= 1.20.1:0 >= 1.21.0:mainline
Description
It was discovered that nginx did not properly handle DNS responses when "resolver" directive is used.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.20.1"
All nginx mainline users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-servers/nginx-1.21.0:mainline"
References
[ 1 ] CVE-2021-23017 https://nvd.nist.gov/vuln/detail/CVE-2021-23017
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202105-38
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-nginx118-nginx security update Advisory ID: RHSA-2021:2258-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2258 Issue date: 2021-06-07 CVE Names: CVE-2021-23017 =====================================================================
- Summary:
An update for rh-nginx118-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
- nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx118-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm
ppc64le: rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm
s390x: rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm
x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm
ppc64le: rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm
s390x: rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm
x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm
x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-23017 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYL3MN9zjgjWX9erEAQjMKA//YaSwGZ/DmvwILuYqYNbIGKvcatycisD6 RrS+A7J9QqTEKqC8mZQ/OvfS5TukanQ/jzTNfRuGuO7booPRlhqVxZVLrSgQNaVD 1FV/cQqXhS/FwmrM8wnWdLpsFUXRXsTqiOoUnymzZbSh1VDjB8VZZLjWc7Wnueqy clLQnYtwMT5axzXRJl/JiXs+yJBmzv5igSFMoGXEKDx6DTrWGtZENE1rpumPAjb6 Y3aDzDZYu4Bl9V1FCUOtksWnmP0Xl/kvSL31aUkyYbyi9i0DpQswmdBH4Bl5ulw2 skkKH69ixA1wu+2D128toUy2ZR/MjX88sH3bCahhY1G4ajp0Vl3/p/kM7VVR5uRi KTVNK8FueNIvp8fMp8oYKhZW9It5DzlMa0Q1QcFfsutgf+932up8qJ9o0mQ9AbVK fBYb8F0hYMDI8udy+npgUM0WwwiBQAqzcHmbnYIRt6IK5f/dUOqucugiJFsbyTl2 pIcJty1208RbrDE/ctTcKuyVbHH9pPOHql5rFlJLAh7yYdHWh6J1QhmdA1RNm51h MEgO5OOVUjrV2mye1c8o7EkTzvuhu2RWQ7WyQc6C81ZlcUcjfNnq73vJ9HBNtNT5 hsiDG/UdvY/thIQmqzSFI3z8ALFKPRUcJ91v/fZNRpBTxcsluN91X7XrHIQDNOs9 jVrMgzAG88I= =av6T -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.3.3 General Availability release images, which fix bugs, provide security fixes, and update container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.3 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/
Note: Because Red Hat OpenShift Container Platform version 4.9 was just released, the functional testing of the compatibility between Red Hat Advanced Cluster Management 2.3.3 and Red Hat OpenShift Container Platform version 4.9 is still in progress.
Security fixes:
-
nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)
-
redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)
-
redis: Integer overflow issue with Streams (CVE-2021-32627)
-
redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)
-
redis: Integer overflow issue with intsets (CVE-2021-32687)
-
redis: Integer overflow issue with strings (CVE-2021-41099)
-
redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672)
-
redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)
-
helm: information disclosure vulnerability (CVE-2021-32690)
Bug fixes:
-
KUBE-API: Support move agent to different cluster in the same namespace (BZ# 1977358)
-
Add columns to the Agent CRD list (BZ# 1977398)
-
ClusterDeployment controller watches all Secrets from all namespaces (BZ# 1986081)
-
RHACM 2.3.3 images (BZ# 1999365)
-
Workaround for Network Manager not supporting nmconnections priority (BZ# 2001294)
-
create cluster page empty in Safary Browser (BZ# 2002280)
-
Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object (BZ# 2002667)
-
Overview page displays VMware based managed cluster as other (BZ# 2004188)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1977358 - [4.8.0] KUBE-API: Support move agent to different cluster in the same namespace 1977398 - [4.8.0] [master] Add columns to the Agent CRD list 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1986081 - [4.8.0] ClusterDeployment controller watches all Secrets from all namespaces 1999365 - RHACM 2.3.3 images 2001294 - [4.8.0] Workaround for Network Manager not supporting nmconnections priority 2002280 - create cluster page empty in Safary Browser 2002667 - Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object 2004188 - Overview page displays VMware based managed cluster as other 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4921-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2021 https://www.debian.org/security/faq
Package : nginx CVE ID : CVE-2021-23017 Debian Bug : 989095
Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code.
For the stable distribution (buster), this problem has been fixed in version 1.14.2-2+deb10u4.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCw3CMACgkQEMKTtsN8 TjYgGA/9FlgRs/kkpLxlnM5ymYDA+WAmc44BiKLajlItjdw54nifSb7WJQifSjND wWz6/1Qc2R84mgovtdReIcgEQDDmm8iCpslsWt4r/iWT5m/tlZhkLhBN1AyhW8VS u1Goqt+hFkz0fZMzv1vf9MwRkUma8SjxNcQdjs4fHzyZAfo+QoV4Ir0I7DIMKkZk N5teHqHIMaDasRZFQSpL8NuZC+JN5EEpB764mV+O/YqVrWeE9QUAnL0FgjcQUnmh iQ5AmMJRtAnQXXu9Qkpx9WtDemHLFHC9JsWEKE3TJAegA4ZhfOo5MZcjesn6EoqV 8rXAAupWzO5/wTxMeulqz4HTLeYPs+jTSONHwT1oG9kgY59jVcNVjg2DcGbG3/17 ueZdGTy70pgLSL6IKILNBgqHh0AqSyyuZmocy07DNGay+HzwuFSBq4RCCved+EPW 4CMtIPSujjPzQqvg15gFNKt/7T2ZfKFR7zVfm0itI6KTjyAhmFhaNYNwWEifX68u 8akhscDlUxmDQG1kbQ2u/IZqWeKG/TpbqaaTrTl6U+Gl1hmRO06Y4AckW1Xwm2r4 CFSO9uHeNte5Vsw+4NlDntzRZOOfJ6qW8x0XF5Vgn7R9mfYPlvIWJgptsgrrijnf lhCPw5JMpzQ4afWlRUvQiaf0lOIySKIfv05wHPtIablmgjIGny4= =qxQw -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1921", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "enterprise telephony fraud monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "openresty", "scope": "lt", "trust": 1.0, "vendor": "openresty", "version": "1.19.3.2" }, { "model": "goldengate", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.4.0.0.0" }, { "model": "communications control plane monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3" }, { "model": "communications control plane monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "communications fraud monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "communications fraud monitor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "3.4" }, { "model": "communications operations monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3" }, { "model": "communications operations monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "enterprise telephony fraud monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.4" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "enterprise telephony fraud monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2" }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "communications control plane monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.4" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.20.1" }, { "model": "communications control plane monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2" }, { "model": "communications operations monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.4" }, { "model": "communications operations monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2" }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.3.0" }, { "model": "enterprise session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "blockchain platform", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "enterprise session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "enterprise telephony fraud monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3" }, { "model": "oracle communications operations monitor", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "oracle enterprise telephony fraud monitor", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications control plane monitor", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "nginx", "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": "ontap select deploy administration utility", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "openresty", "scope": null, "trust": 0.8, "vendor": "openresty", "version": null }, { "model": "oracle communications fraud monitor", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.20.1", "versionStartIncluding": "0.6.18", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.19.3.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_fraud_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.4", "versionStartIncluding": "3.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.4.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-23017" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162986" }, { "db": "PACKETSTORM", "id": "162992" }, { "db": "PACKETSTORM", "id": "163013" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "164562" }, { "db": "PACKETSTORM", "id": "164948" } ], "trust": 0.6 }, "cve": "CVE-2021-23017", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-23017", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381503", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.5, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 9.4, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-23017", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-23017", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-23017", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202105-1581", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381503", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-381503" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202105-38\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Remote code execution\n Date: May 26, 2021\n Bugs: #792087\n ID: 202105-38\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in nginx could lead to remote code execution. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.21.0 \u003e= 1.20.1:0\n \u003e= 1.21.0:mainline\n\nDescription\n===========\n\nIt was discovered that nginx did not properly handle DNS responses when\n\"resolver\" directive is used. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.20.1\"\n\nAll nginx mainline users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-servers/nginx-1.21.0:mainline\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-23017\n https://nvd.nist.gov/vuln/detail/CVE-2021-23017\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202105-38\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nginx118-nginx security update\nAdvisory ID: RHSA-2021:2258-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2258\nIssue date: 2021-06-07\nCVE Names: CVE-2021-23017 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx118-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a\npointer to a root domain name (CVE-2021-23017)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx118-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx118-nginx-1.18.0-3.el7.src.rpm\n\nppc64le:\nrh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm\n\ns390x:\nrh-nginx118-nginx-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm\n\nx86_64:\nrh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx118-nginx-1.18.0-3.el7.src.rpm\n\nppc64le:\nrh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm\n\ns390x:\nrh-nginx118-nginx-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm\n\nx86_64:\nrh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx118-nginx-1.18.0-3.el7.src.rpm\n\nx86_64:\nrh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm\nrh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-23017\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYL3MN9zjgjWX9erEAQjMKA//YaSwGZ/DmvwILuYqYNbIGKvcatycisD6\nRrS+A7J9QqTEKqC8mZQ/OvfS5TukanQ/jzTNfRuGuO7booPRlhqVxZVLrSgQNaVD\n1FV/cQqXhS/FwmrM8wnWdLpsFUXRXsTqiOoUnymzZbSh1VDjB8VZZLjWc7Wnueqy\nclLQnYtwMT5axzXRJl/JiXs+yJBmzv5igSFMoGXEKDx6DTrWGtZENE1rpumPAjb6\nY3aDzDZYu4Bl9V1FCUOtksWnmP0Xl/kvSL31aUkyYbyi9i0DpQswmdBH4Bl5ulw2\nskkKH69ixA1wu+2D128toUy2ZR/MjX88sH3bCahhY1G4ajp0Vl3/p/kM7VVR5uRi\nKTVNK8FueNIvp8fMp8oYKhZW9It5DzlMa0Q1QcFfsutgf+932up8qJ9o0mQ9AbVK\nfBYb8F0hYMDI8udy+npgUM0WwwiBQAqzcHmbnYIRt6IK5f/dUOqucugiJFsbyTl2\npIcJty1208RbrDE/ctTcKuyVbHH9pPOHql5rFlJLAh7yYdHWh6J1QhmdA1RNm51h\nMEgO5OOVUjrV2mye1c8o7EkTzvuhu2RWQ7WyQc6C81ZlcUcjfNnq73vJ9HBNtNT5\nhsiDG/UdvY/thIQmqzSFI3z8ALFKPRUcJ91v/fZNRpBTxcsluN91X7XrHIQDNOs9\njVrMgzAG88I=\n=av6T\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.3 General\nAvailability release images, which fix bugs, provide security fixes, and\nupdate container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with\nsecurity policy built in. See the following Release Notes documentation, which will be\nupdated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nNote: Because Red Hat OpenShift Container Platform version 4.9 was just\nreleased, the functional testing of the compatibility between Red Hat\nAdvanced Cluster Management 2.3.3 and Red Hat OpenShift Container Platform\nversion 4.9 is still in progress. \n\nSecurity fixes: \n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a\npointer to a root domain name (CVE-2021-23017)\n\n* redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)\n\n* redis: Integer overflow issue with Streams (CVE-2021-32627)\n\n* redis: Integer overflow bug in the ziplist data structure\n(CVE-2021-32628)\n\n* redis: Integer overflow issue with intsets (CVE-2021-32687)\n\n* redis: Integer overflow issue with strings (CVE-2021-41099)\n\n* redis: Out of bounds read in lua debugger protocol parser\n(CVE-2021-32672)\n\n* redis: Denial of service via Redis Standard Protocol (RESP) request\n(CVE-2021-32675)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\nBug fixes:\n\n* KUBE-API: Support move agent to different cluster in the same namespace\n(BZ# 1977358)\n\n* Add columns to the Agent CRD list (BZ# 1977398)\n\n* ClusterDeployment controller watches all Secrets from all namespaces (BZ#\n1986081)\n\n* RHACM 2.3.3 images (BZ# 1999365)\n\n* Workaround for Network Manager not supporting nmconnections priority (BZ#\n2001294)\n\n* create cluster page empty in Safary Browser (BZ# 2002280)\n\n* Compliance state doesn\u0027t get updated after fixing the issue causing\ninitially the policy not being able to update the managed object (BZ#\n2002667)\n\n* Overview page displays VMware based managed cluster as other (BZ#\n2004188)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n1977358 - [4.8.0] KUBE-API: Support move agent to different cluster in the same namespace\n1977398 - [4.8.0] [master] Add columns to the Agent CRD list\n1978144 - CVE-2021-32690 helm: information disclosure vulnerability\n1986081 - [4.8.0] ClusterDeployment controller watches all Secrets from all namespaces\n1999365 - RHACM 2.3.3 images\n2001294 - [4.8.0] Workaround for Network Manager not supporting nmconnections priority\n2002280 - create cluster page empty in Safary Browser\n2002667 - Compliance state doesn\u0027t get updated after fixing the issue causing initially the policy not being able to update the managed object\n2004188 - Overview page displays VMware based managed cluster as other\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4921-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 28, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nCVE ID : CVE-2021-23017\nDebian Bug : 989095\n\nLuis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one\nin Nginx, a high-performance web and reverse proxy server, which could\nresult in denial of service and potentially the execution of arbitrary\ncode. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.14.2-2+deb10u4. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCw3CMACgkQEMKTtsN8\nTjYgGA/9FlgRs/kkpLxlnM5ymYDA+WAmc44BiKLajlItjdw54nifSb7WJQifSjND\nwWz6/1Qc2R84mgovtdReIcgEQDDmm8iCpslsWt4r/iWT5m/tlZhkLhBN1AyhW8VS\nu1Goqt+hFkz0fZMzv1vf9MwRkUma8SjxNcQdjs4fHzyZAfo+QoV4Ir0I7DIMKkZk\nN5teHqHIMaDasRZFQSpL8NuZC+JN5EEpB764mV+O/YqVrWeE9QUAnL0FgjcQUnmh\niQ5AmMJRtAnQXXu9Qkpx9WtDemHLFHC9JsWEKE3TJAegA4ZhfOo5MZcjesn6EoqV\n8rXAAupWzO5/wTxMeulqz4HTLeYPs+jTSONHwT1oG9kgY59jVcNVjg2DcGbG3/17\nueZdGTy70pgLSL6IKILNBgqHh0AqSyyuZmocy07DNGay+HzwuFSBq4RCCved+EPW\n4CMtIPSujjPzQqvg15gFNKt/7T2ZfKFR7zVfm0itI6KTjyAhmFhaNYNwWEifX68u\n8akhscDlUxmDQG1kbQ2u/IZqWeKG/TpbqaaTrTl6U+Gl1hmRO06Y4AckW1Xwm2r4\nCFSO9uHeNte5Vsw+4NlDntzRZOOfJ6qW8x0XF5Vgn7R9mfYPlvIWJgptsgrrijnf\nlhCPw5JMpzQ4afWlRUvQiaf0lOIySKIfv05wHPtIablmgjIGny4=\n=qxQw\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2021-23017" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "VULHUB", "id": "VHN-381503" }, { "db": "PACKETSTORM", "id": "162835" }, { "db": "PACKETSTORM", "id": "162986" }, { "db": "PACKETSTORM", "id": "162992" }, { "db": "PACKETSTORM", "id": "163013" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "164562" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "169062" } ], "trust": 2.43 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-381503", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381503" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-23017", "trust": 4.1 }, { "db": "PACKETSTORM", "id": "167720", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "163013", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162835", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "164948", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-007625", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162830", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "165782", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162851", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "163003", "trust": 0.7 }, { "db": "EXPLOIT-DB", "id": "50973", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164523", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164562", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164282", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052543", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041931", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021092811", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071833", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052901", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060212", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021100722", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012302", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052713", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060719", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060948", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021061520", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012747", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021062209", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3878", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1850", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3485", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1936", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1802", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3211", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3430", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1861", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1817", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2027", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1973", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022070032", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202105-1581", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "162992", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162986", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162819", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-381503", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169062", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381503" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "PACKETSTORM", "id": "162835" }, { "db": "PACKETSTORM", "id": "162986" }, { "db": "PACKETSTORM", "id": "162992" }, { "db": "PACKETSTORM", "id": "163013" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "164562" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "169062" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "id": "VAR-202106-1921", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381503" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:25:59.461000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0October\u00a02021 Oracle\u00a0Critical\u00a0Patch\u00a0Update", "trust": 0.8, "url": "https://support.f5.com/csp/article/k12331123" }, { "title": "Nginx Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=154683" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-193", "trust": 1.1 }, { "problemtype": "Boundary condition judgment (CWE-193) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381503" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://packetstormsecurity.com/files/167720/nginx-1.20.0-denial-of-service.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20210708-0006/" }, { "trust": 1.7, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3cnotifications.apisix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3cnotifications.apisix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3cnotifications.apisix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3cnotifications.apisix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3cnotifications.apisix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/" }, { "trust": 1.0, "url": "https://support.f5.com/csp/article/k12331123%2c" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3cnotifications.apisix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3cnotifications.apisix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3cnotifications.apisix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3cnotifications.apisix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3cnotifications.apisix.apache.org%3e" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-23017" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k12331123" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052713" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163003/red-hat-security-advisory-2021-2278-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/nginx-buffer-overflow-via-dns-server-response-35526" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164282/red-hat-security-advisory-2021-3653-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6492205" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041931" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1802" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162851/ubuntu-security-notice-usn-4967-2.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060719" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3211" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164523/red-hat-security-advisory-2021-3873-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021100722" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3430" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022070032" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2027" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1850" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6483657" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162835/gentoo-linux-security-advisory-202105-38.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052901" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071833" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052543" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060948" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1817" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3878" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021062209" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1973" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1936" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/50973" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012302" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163013/red-hat-security-advisory-2021-2290-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021092811" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3485" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021061520" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1861" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525030" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012747" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162830/nginx-1.20.0-dns-resolver-off-by-one-heap-write.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165782/red-hat-security-advisory-2022-0323-02.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060212" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-36222" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32626" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32687" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22922" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22924" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32675" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-41099" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32627" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32672" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22923" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-32628" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3653" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3656" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32690" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-32690" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k12331123," }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/202105-38" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2258" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2259" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2290" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23434" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21670" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21670" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25741" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25648" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21671" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4658" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3925" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21671" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25741" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23841" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37576" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-0512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3711" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36385" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3712" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32804" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33938" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33929" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32804" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3711" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33930" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33928" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381503" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "PACKETSTORM", "id": "162835" }, { "db": "PACKETSTORM", "id": "162986" }, { "db": "PACKETSTORM", "id": "162992" }, { "db": "PACKETSTORM", "id": "163013" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "164562" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "169062" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381503" }, { "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "db": "PACKETSTORM", "id": "162835" }, { "db": "PACKETSTORM", "id": "162986" }, { "db": "PACKETSTORM", "id": "162992" }, { "db": "PACKETSTORM", "id": "163013" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "164562" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "169062" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "db": "NVD", "id": "CVE-2021-23017" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-01T00:00:00", "db": "VULHUB", "id": "VHN-381503" }, { "date": "2022-02-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "date": "2021-05-27T13:28:42", "db": "PACKETSTORM", "id": "162835" }, { "date": "2021-06-07T13:45:14", "db": "PACKETSTORM", "id": "162986" }, { "date": "2021-06-07T13:50:43", "db": "PACKETSTORM", "id": "162992" }, { "date": "2021-06-08T14:13:55", "db": "PACKETSTORM", "id": "163013" }, { "date": "2021-10-15T15:06:44", "db": "PACKETSTORM", "id": "164523" }, { "date": "2021-10-20T15:45:47", "db": "PACKETSTORM", "id": "164562" }, { "date": "2021-11-12T17:01:04", "db": "PACKETSTORM", "id": "164948" }, { "date": "2021-05-28T19:12:00", "db": "PACKETSTORM", "id": "169062" }, { "date": "2021-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "date": "2021-06-01T13:15:07.853000", "db": "NVD", "id": "CVE-2021-23017" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-14T00:00:00", "db": "VULHUB", "id": "VHN-381503" }, { "date": "2022-02-18T01:21:00", "db": "JVNDB", "id": "JVNDB-2021-007625" }, { "date": "2022-09-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1581" }, { "date": "2023-11-07T03:30:29.880000", "db": "NVD", "id": "CVE-2021-23017" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "162835" }, { "db": "CNNVD", "id": "CNNVD-202105-1581" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx\u00a0 Vulnerability in determining boundary conditions in resolver", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007625" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1581" } ], "trust": 0.6 } }
var-200911-0398
Vulnerability from variot
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Hitachi Web Server for, SSL There is a vulnerability in which arbitrary data is inserted at the beginning of communication data when using the function.Arbitrary data may be inserted at the beginning of communication data by a third party. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.
SOLUTION: Apply updates (please see the vendor's advisory for details). =========================================================== Ubuntu Security Notice USN-860-1 November 19, 2009 apache2 vulnerabilities CVE-2009-3094, CVE-2009-3095, CVE-2009-3555 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.9
Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.14
Ubuntu 8.10: apache2.2-common 2.2.9-7ubuntu3.5
Ubuntu 9.04: apache2.2-common 2.2.11-2ubuntu2.5
Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. The flaw is with TLS renegotiation and potentially affects any software that supports this feature. Attacks against the HTTPS protocol are known, with the severity of the issue depending on the safeguards used in the web application. Until the TLS protocol and underlying libraries are adjusted to defend against this vulnerability, a partial, temporary workaround has been applied to Apache that disables client initiated TLS renegotiation. This update does not protect against server initiated TLS renegotiation when using SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. Users can defend againt server inititiated TLS renegotiation attacks by adjusting their Apache configuration to use SSLVerifyClient and SSLCipherSuite only on the server or virtual host level. (CVE-2009-3555)
It was discovered that mod_proxy_ftp in Apache did not properly sanitize its input when processing replies to EPASV and PASV commands. An attacker could use this to cause a denial of service in the Apache child process. (CVE-2009-3094)
Another flaw was discovered in mod_proxy_ftp. (CVE-2009-3095)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz
Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc
Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb
Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 834492 818915da9848657833480b1ead6b4a12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 224594 85a4480344a072868758c466f6a98747
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229128 446b52088b9744fb776e53155403a474
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 142730 d43356422176ca29440f3e0572678093
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 269070 bf585dec777b0306cd80663c11b020df
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz
Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc
Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 141660 958585d6391847cd5a618464054f7d37
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 206386 06402188459de8dab5279b5bfef768fa
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 233152 1165607c64c57c84212b6b106254e885
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 143838 28e9c3811feeac70b846279e82c23430
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz
Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc
Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz
Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 209550 496d387e315370c0cd83489db663a356
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 778564 ffd7752394933004094c13b00113b263
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 208528 6672fb116e108687669c89197732fbb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 261510 d3e1155682726cc28859156e647d97b3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 84558 68452b686e89320007e9c5367ce36345
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 926240 8282583e86e84bd256959540f39a515d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 241280 1eea25472875056e34cd2c3283c60171
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246024 5709e7421814ecfb83fff5804d429971
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz
Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc
Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz
Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 258414 8ef063026de9790bac1965427ce1b584
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 213294 09701d434bd102e4205e551b4525afd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 87818 670c62615e107920c45893b3377ab2a0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 244914 955bb5121da808d44aa994386d90723f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 214286 a378e2e0418631cec0f398379a446172
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz
Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc
Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz
Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2336 009d381342b0be5280835a46c91f01d9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2314 17719223d92d46821098ce178b5947d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 155166 4347806710edff47fc051b4a68d5b448
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 90316 add7f446f6b524343c0066a486dd299a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2
. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue.
After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2009:323 http://www.mandriva.com/security/
Package : apache Date : December 7, 2009 Affected: 2008.0
Problem Description:
Multiple vulnerabilities has been found and corrected in apache:
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only).
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195).
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890).
Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891).
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094).
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).
Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555).
Packages for 2008.0 are being provided due to extended support for Corporate products.
This update provides a solution to these vulnerabilities.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
Updated Packages:
Mandriva Linux 2008.0: dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu MUj4lK2Wsb+qzbv2V+Ih30U= =VdZS -----END PGP SIGNATURE----- .
Additionally the NSPR package has been upgraded to 4.8.4 that brings numerous upstream fixes.
This update provides the latest versions of NSS and NSPR libraries and for which NSS is not vulnerable to this attack. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Aruba Networks Security Advisory
Title: TLS Protocol Session Renegotiation Security Vulnerability
Aruba Advisory ID: AID-020810 Revision: 1.0
For Public Release on 02/08/2010
+----------------------------------------------------
SUMMARY
This advisory addresses the renegotiation related vulnerability disclosed recently in Transport Layer Security protocol [1][2].
The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. If a client browser (victim) is configured to authenticate to the WebUI over HTTPS using a client certificate, an attacker can potentially use the victim's credentials temporarily to execute arbitrary HTTP request for each initiation of an HTTPS session from the victim to the WebUI. This would happen without any HTTPS/TLS warnings to the victim. This condition can essentially be exploited by an attacker for command injection in beginning of a HTTPS session between the victim and the ArubaOS WebUI.
ArubaOS itself does not initiate TLS renegotiation at any point and hence is only vulnerable to scenario where a client explicitly requests TLS renegotiation. Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users.
AFFECTED ArubaOS VERSIONS
2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS, 2.4.8.x-FIPS
CHECK IF YOU ARE VULNERABLE
The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. ArubaOS is vulnerable only if its configuration permits WebUI administration interface clients to connect using either username/password or client certificates. If only one of the two authentication method is allowed, this issue does not seem to apply.
Check if the following line appears in your configuration:
web-server mgmt-auth username/password certificate
If the exact line does not appear in the configuration, this issue does not apply.
DETAILS
An industry wide vulnerability was discovered in TLS protocol's renegotiation feature, which allows a client and server who already have a TLS connection to negotiate new session parameters and generate new key material. Renegotiation is carried out in the existing TLS connection. However there is no cryptographic binding between the renegotiated TLS session and the original TLS session. An attacker who has established MITM between client and server may be able to take advantage of this and inject arbitrary data into the beginning of the application protocol stream protected by TLS. Specifically arbitrary HTTP requests can be injected in a HTTPS session where attacker (MITM) blocks HTTPS session initiation between client and server, establishes HTTPS session with the server itself, injects HTTP data and initiates TLS renegotiation with the server. Then attacker allows the renegotiation to occur between the client and the server. After successful HTTPS session establishment with the server, now the client sends its HTTP request along with its HTTP credentials (cookie) to the server. However due to format of attacker's injected HTTP data, the client's HTTP request is not processed, rather the attacker's HTTP request gets executed with credentials of the client. The attacker is not able to view the results of the injected HTTP request due to the fact that data between the client and the server is encrypted over HTTPS.
ArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface.
Pre-requisites for this attack : 1. The attacker must be able to establish a MITM between the client and the server (ArubaOS WebUI). 2. The attacker must be able to establish a successful HTTPS session with the server (ArubaOS WebUI) 3. ArubaOS must be configured to allow certificate based HTTPS authentication for WebUI clients (client certs).
Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users.
CVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
WORKAROUNDS
Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following steps will help to mitigate the risk:
-
-
- Disable certificate based HTTPS authentication (and only allow username-password based authentication) for WebUI clients. Client's username-password authentication POST request will prohibit attacker's injected HTTP data from executing with client's cookie. CLI command: web-server mgmt-auth username/password
-
-
-
- Permit certificate based HTTPS authentication ONLY and disable username-password based authentication to WebUI. This will prohibit attacker from establishing a HTTPS session with ArubaOS (for MITM) without a valid client cert. CLI command: web-server mgmt-auth certificate
Note: This step won't stop command injection from attackers who have valid client certificates but their assigned management role privileges are lower than that of the admin. This attack may allow them to run commands at higher privilege than what is permitted in their role.
-
-
-
- Do not expose the Mobility Controller administrative interface to untrusted networks such as the Internet.
-
SOLUTION
Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical.
The following patches have the fix (any newer patch will also have the fix):
-
-
-
- 2.5.6.24
-
-
-
-
-
- 3.3.2.23
-
-
-
-
-
- 3.3.3.2
-
-
-
-
-
- 3.4.0.7
-
-
-
-
-
- 3.4.1.1
-
-
-
-
-
- RN 3.1.4
-
-
Please contact Aruba support for obtaining patched FIPS releases.
Please note: We highly recommend that you upgrade your Mobility Controller to the latest available patch on the Aruba support site corresponding to your currently installed release.
REFERENCES
[1] http://extendedsubset.com/?p=8
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
+----------------------------------------------------
OBTAINING FIXED FIRMWARE
Aruba customers can obtain the firmware on the support website: http://www.arubanetworks.com/support.
Aruba Support contacts are as follows:
1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
+1-408-754-1200 (toll call from anywhere in the world)
e-mail: support(at)arubanetworks.com
Please, do not contact either "wsirt(at)arubanetworks.com" or "security(at)arubanetworks.com" for software upgrades.
EXPLOITATION AND PUBLIC ANNOUNCEMENTS
This vulnerability will be announced at
Aruba W.S.I.R.T. Advisory: http://www.arubanetworks.com/support/alerts/aid-020810.txt
SecurityFocus Bugtraq http://www.securityfocus.com/archive/1
STATUS OF THIS NOTICE: Final
Although Aruba Networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Aruba Networks may update this advisory.
A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
DISTRIBUTION OF THIS ANNOUNCEMENT
This advisory will be posted on Aruba's website at: http://www.arubanetworks.com/support/alerts/aid-020810.txt
Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
REVISION HISTORY
Revision 1.0 / 02-08-2010 / Initial release
ARUBA WSIRT SECURITY PROCEDURES
Complete information on reporting security vulnerabilities in Aruba Networks products, obtaining assistance with security incidents is available at http://www.arubanetworks.com/support/wsirt.php
For reporting NEW Aruba Networks security issues, email can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.arubanetworks.com/support/wsirt.php
(c) Copyright 2010 by Aruba Networks, Inc.
This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN bWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP =CrHf -----END PGP SIGNATURE----- . Transport Layer Security (TLS) is a protocol for ensuring the privacy of communication applications and their users over the Internet. Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01963123 Version: 1
HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of
Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-12-21 Last Updated: 2009-12-21
Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The
vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).
References: CVE-2009-3555
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.12 and previous.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following temporary software updates to resolve the vulnerability.
NOTE: The vulnerability is resolved in OpenSSL 0.9.8l. HP-UX Apache v2.0.59.X versions use statically linked
libraries. HP-UX Apache v2.0.59.13 is compiled with OpenSSL 0.9.8l. Other versions of HP-UX Apache require the
HP-UX OpenSSL packages recommended in HPSBUX02482 SSRT090249, available here
http://www.itrc.hp.com/service/cki/secBullArchive.do
To review previously published Security Bulletins visit http://www.itrc.hp.com/service/cki/secBullArchive.do
The depots are available are available using ftp. Host / Account / Password
ftp.usa.hp.com / sb02498 / Secure12
HP-UX Release / Temporary Depot name / SHA-1 Sum
B.11.11 (IPv4 and IPv6) / Apache 2.0.59.13 PA-64-32-1111.depot / 3B6BE547403C28926482192408D5D5AB603A403D
B.11.23 PA-32 / Apache 2.0.59.13 IA-PA-32-1123.depot / 4809BAF0F83F78F60B7EC73FAF584D221B1CB4A7
B.11.23 IA-64 / Apache 2.0.59.13 IA-PA-64-1123.depot / 1D65F7D49883399F4D202E16754CF7DAE71E3B47
B.11.31 PA-32 / Apache 2.0.59.13 IA-PA-32-1131.depot / 943E21D4621B480B5E8E651ACB605B8F7EA47304
B.11.31 IA-64 / Apache 2.0.59.13 IA-PA-64-1131.depot / B8836FDB73434A3C26FB411E3F7CB3211129E5AC
MANUAL ACTIONS: Yes Install Apache v2.0.59.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security
Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a
specific HP-UX system. It can also download patches and create a depot automatically. For more information
see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Apache IPv4 and IPv6 HP-UX B.11.11 ============= hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent
HP-UX B.11.23
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent
HP-UX B.11.31
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 21 December 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740. The upgrades are available from the following location.
For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-3555). TLS compression is disabled (CVE-2012-4929), although this is normally already disabled by the OpenSSL system library. Finally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566) entirely via the new "DisableSSLv3" configuration directive, although it will not disabled by default in this update.
For Debian 8 (jessie) these issues have been fixed prior to the release, with the exception of client-initiated renegotiation (CVE-2009-3555). This update addresses that issue for jessie.
For the oldstable distribution (wheezy), these problems have been fixed in version 2.6-2+deb7u1.
For the stable distribution (jessie), these problems have been fixed in version 2.6-6+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 2.6-6.1.
We recommend that you upgrade your pound packages. ----------------------------------------------------------------------
Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management
Free webinars
http://secunia.com/vulnerability_scanning/corporate/webinars/
TITLE: OpenOffice.org Data Manipulation and Code Execution Vulnerabilities
SECUNIA ADVISORY ID: SA40070
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40070/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40070
RELEASE DATE: 2010-06-08
DISCUSS ADVISORY: http://secunia.com/advisories/40070/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/40070/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40070
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to manipulate certain data or compromise a user's system.
1) An error in the TLS protocol while handling session re-negotiations in included libraries can be exploited to manipulate session data.
For more information see vulnerability #1 in: SA37291
2) An error when exploring python code through the scripting IDE can be exploited to potentially execute arbitrary code.
The vulnerabilities are reported in versions prior to 3.2.1.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2009-3555.html http://www.openoffice.org/security/cves/CVE-2010-0395.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This could force the server to process an attacker's request as if authenticated using the victim's credentials.
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169 (CVE-2013-1619).
The updated packages have been patched to correct these issues. HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Due to a bug in lighttpd, the server fails to start in some configurations if using the updated openssl libraries.
The packages for the hppa, mips, and mipsel architectures are not yet available. They will be released as soon as they have been built
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0398", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "9.04" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "13" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "0.8.22" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "14" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.1.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "8.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "8.10" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "9.10" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "12" }, { "model": "gnutls", "scope": "lte", "trust": 1.0, "vendor": "gnu", "version": "2.8.5" }, { "model": "http server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "2.2.14" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "4.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "11" }, { "model": "nss", "scope": "lte", "trust": 1.0, "vendor": "mozilla", "version": "3.12.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "5.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "barracuda", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnutls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mcafee", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "hp virtual connect", "scope": null, "trust": 0.8, "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9", "version": null }, { "model": "hpe matrix operating environment", "scope": null, "trust": 0.8, "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba", "version": null }, { "model": "hpe systems insight manager", "scope": null, "trust": 0.8, "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba", "version": null }, { "model": "hitachi web server", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#120541" }, { "db": "JVNDB", "id": "JVNDB-2011-001632" }, { "db": "NVD", "id": "CVE-2009-3555" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.2.14", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8k", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.8.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.12.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.8.22", "versionStartIncluding": "0.1.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-3555" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mandriva", "sources": [ { "db": "PACKETSTORM", "id": "83521" }, { "db": "PACKETSTORM", "id": "88167" }, { "db": "PACKETSTORM", "id": "84181" }, { "db": "PACKETSTORM", "id": "120714" } ], "trust": 0.4 }, "cve": "CVE-2009-3555", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2011-001632", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-41001", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-3555", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2009-3555", "trust": 0.8, "value": "0" }, { "author": "IPA", "id": "JVNDB-2011-001632", "trust": 0.8, "value": "Medium" }, { "author": "VULHUB", "id": "VHN-41001", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#120541" }, { "db": "VULHUB", "id": "VHN-41001" }, { "db": "JVNDB", "id": "JVNDB-2011-001632" }, { "db": "NVD", "id": "CVE-2009-3555" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue. Hitachi Web Server for, SSL There is a vulnerability in which arbitrary data is inserted at the beginning of communication data when using the function.Arbitrary data may be inserted at the beginning of communication data by a third party. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). ===========================================================\nUbuntu Security Notice USN-860-1 November 19, 2009\napache2 vulnerabilities\nCVE-2009-3094, CVE-2009-3095, CVE-2009-3555\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 8.10\nUbuntu 9.04\nUbuntu 9.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.9\n\nUbuntu 8.04 LTS:\n apache2.2-common 2.2.8-1ubuntu0.14\n\nUbuntu 8.10:\n apache2.2-common 2.2.9-7ubuntu3.5\n\nUbuntu 9.04:\n apache2.2-common 2.2.11-2ubuntu2.5\n\nUbuntu 9.10:\n apache2.2-common 2.2.12-1ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\nprotocols. The flaw is with TLS renegotiation and\npotentially affects any software that supports this feature. Attacks\nagainst the HTTPS protocol are known, with the severity of the issue\ndepending on the safeguards used in the web application. Until the TLS\nprotocol and underlying libraries are adjusted to defend against this\nvulnerability, a partial, temporary workaround has been applied to Apache\nthat disables client initiated TLS renegotiation. This update does not\nprotect against server initiated TLS renegotiation when using\nSSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. \nUsers can defend againt server inititiated TLS renegotiation attacks by\nadjusting their Apache configuration to use SSLVerifyClient and\nSSLCipherSuite only on the server or virtual host level. (CVE-2009-3555)\n\nIt was discovered that mod_proxy_ftp in Apache did not properly sanitize\nits input when processing replies to EPASV and PASV commands. An attacker\ncould use this to cause a denial of service in the Apache child process. \n(CVE-2009-3094)\n\nAnother flaw was discovered in mod_proxy_ftp. \n(CVE-2009-3095)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz\n Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc\n Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb\n Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 834492 818915da9848657833480b1ead6b4a12\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 224594 85a4480344a072868758c466f6a98747\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 229128 446b52088b9744fb776e53155403a474\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 142730 d43356422176ca29440f3e0572678093\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 269070 bf585dec777b0306cd80663c11b020df\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz\n Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc\n Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz\n Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 141660 958585d6391847cd5a618464054f7d37\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 206386 06402188459de8dab5279b5bfef768fa\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 233152 1165607c64c57c84212b6b106254e885\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 143838 28e9c3811feeac70b846279e82c23430\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz\n Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc\n Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz\n Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 209550 496d387e315370c0cd83489db663a356\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 778564 ffd7752394933004094c13b00113b263\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 208528 6672fb116e108687669c89197732fbb0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 261510 d3e1155682726cc28859156e647d97b3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 84558 68452b686e89320007e9c5367ce36345\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 926240 8282583e86e84bd256959540f39a515d\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 241280 1eea25472875056e34cd2c3283c60171\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 246024 5709e7421814ecfb83fff5804d429971\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz\n Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc\n Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz\n Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 258414 8ef063026de9790bac1965427ce1b584\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 213294 09701d434bd102e4205e551b4525afd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 87818 670c62615e107920c45893b3377ab2a0\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 244914 955bb5121da808d44aa994386d90723f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 214286 a378e2e0418631cec0f398379a446172\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz\n Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc\n Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz\n Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2336 009d381342b0be5280835a46c91f01d9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2314 17719223d92d46821098ce178b5947d6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 155166 4347806710edff47fc051b4a68d5b448\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 90316 add7f446f6b524343c0066a486dd299a\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2\n\n\n. USN-990-1\nintroduced the new RFC5746 renegotiation extension in openssl, and\ncompletely resolves the issue. \n\nAfter updating openssl, an Apache server will allow both patched and\nunpatched web browsers to connect, but unpatched browsers will not be able\nto renegotiate. This update introduces the new SSLInsecureRenegotiation\ndirective for Apache that may be used to re-enable insecure renegotiations\nwith unpatched web browsers. This update adds backported support\n for the new RFC5746 renegotiation extension and will use it when both the\n client and the server support it. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2009:323\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : apache\n Date : December 7, 2009\n Affected: 2008.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in apache:\n \n Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c\n in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to\n cause a denial of service (memory consumption) via multiple calls, as\n demonstrated by initial SSL client handshakes to the Apache HTTP Server\n mod_ssl that specify a compression algorithm (CVE-2008-1678). Note\n that this security issue does not really apply as zlib compression\n is not enabled in the openssl build provided by Mandriva, but apache\n is patched to address this issue anyway (conserns 2008.1 only). \n \n Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the\n mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c\n in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,\n allows remote attackers to inject arbitrary web script or HTML via\n wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this\n security issue was initially addressed with MDVSA-2008:195 but the\n patch fixing the issue was added but not applied in 2009.0. \n \n The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not\n properly handle Options=IncludesNOEXEC in the AllowOverride directive,\n which allows local users to gain privileges by configuring (1) Options\n Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a\n .htaccess file, and then inserting an exec element in a .shtml file\n (CVE-2009-1195). \n \n The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\n module in the Apache HTTP Server before 2.3.3, when a reverse proxy\n is configured, does not properly handle an amount of streamed data\n that exceeds the Content-Length value, which allows remote attackers\n to cause a denial of service (CPU consumption) via crafted requests\n (CVE-2009-1890). \n \n Fix a potential Denial-of-Service attack against mod_deflate or other\n modules, by forcing the server to consume CPU time in compressing a\n large file after a client disconnects (CVE-2009-1891). \n \n The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in\n the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13\n allows remote FTP servers to cause a denial of service (NULL pointer\n dereference and child process crash) via a malformed reply to an EPSV\n command (CVE-2009-3094). \n \n The mod_proxy_ftp module in the Apache HTTP Server allows remote\n attackers to bypass intended access restrictions and send arbitrary\n commands to an FTP server via vectors related to the embedding of these\n commands in the Authorization HTTP header, as demonstrated by a certain\n module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903,\n this disclosure has no actionable information. However, because the\n VulnDisco Pack author is a reliable researcher, the issue is being\n assigned a CVE identifier for tracking purposes (CVE-2009-3095). \n \n Apache is affected by SSL injection or man-in-the-middle attacks\n due to a design flaw in the SSL and/or TLS protocols. A short term\n solution was released Sat Nov 07 2009 by the ASF team to mitigate\n these problems. Apache will now reject in-session renegotiation\n (CVE-2009-3555). \n \n Packages for 2008.0 are being provided due to extended support for\n Corporate products. \n \n This update provides a solution to these vulnerabilities. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm\n 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm\n ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm\n 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm\n b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm\n 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm\n 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm\n a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm\n 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm\n d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm\n 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm\n e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm\n 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm\n d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm\n 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm\n 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm\n 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm\n c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm\n 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm\n ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm\n 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm\n 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm\n dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm\n dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm\n 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm\n f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm\n 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm\n b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm\n 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm\n d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm\n e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu\nMUj4lK2Wsb+qzbv2V+Ih30U=\n=VdZS\n-----END PGP SIGNATURE-----\n. \n \n Additionally the NSPR package has been upgraded to 4.8.4 that brings\n numerous upstream fixes. \n \n This update provides the latest versions of NSS and NSPR libraries\n and for which NSS is not vulnerable to this attack. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAruba Networks Security Advisory\n\nTitle: TLS Protocol Session Renegotiation Security Vulnerability\n\nAruba Advisory ID: AID-020810\nRevision: 1.0\n\nFor Public Release on 02/08/2010\n\n+----------------------------------------------------\n\nSUMMARY\n\nThis advisory addresses the renegotiation related vulnerability\ndisclosed recently in Transport Layer Security protocol [1][2]. \n\nThe only ArubaOS component that seems affected by this issue is the\nHTTPS WebUI administration interface. If a client browser (victim) is\nconfigured to authenticate to the WebUI over HTTPS using a client\ncertificate, an attacker can potentially use the victim\u0027s credentials\ntemporarily to execute arbitrary HTTP request for each initiation of an\nHTTPS session from the victim to the WebUI. This would happen without\nany HTTPS/TLS warnings to the victim. This condition can essentially be\nexploited by an attacker for command injection in beginning of a HTTPS\nsession between the victim and the ArubaOS WebUI. \n\nArubaOS itself does not initiate TLS renegotiation at any point and\nhence is only vulnerable to scenario where a client explicitly requests\nTLS renegotiation. Captive Portal users do not seem vulnerable to this\nissue unless somehow client certificates are being used to authenticate\ncaptive portal users. \n\nAFFECTED ArubaOS VERSIONS\n\n 2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS,\n2.4.8.x-FIPS\n\n\nCHECK IF YOU ARE VULNERABLE\n\nThe only ArubaOS component that seems affected by this issue is the\nHTTPS WebUI administration interface. ArubaOS is vulnerable only if its\nconfiguration permits WebUI administration interface clients to connect\nusing either username/password or client certificates. If only one of\nthe two authentication method is allowed, this issue does not seem to apply. \n\nCheck if the following line appears in your configuration:\n\t\n\tweb-server mgmt-auth username/password certificate\n\nIf the exact line does not appear in the configuration, this issue does\nnot apply. \n\t\n\nDETAILS\n\nAn industry wide vulnerability was discovered in TLS protocol\u0027s\nrenegotiation feature, which allows a client and server who already have\na TLS connection to negotiate new session parameters and generate new\nkey material. Renegotiation is carried out in the existing TLS\nconnection. However there is no cryptographic binding between the\nrenegotiated TLS session and the original TLS session. An attacker who\nhas established MITM between client and server may be able to take\nadvantage of this and inject arbitrary data into the beginning of the\napplication protocol stream protected by TLS. Specifically arbitrary\nHTTP requests can be injected in a HTTPS session where attacker (MITM)\nblocks HTTPS session initiation between client and server, establishes\nHTTPS session with the server itself, injects HTTP data and initiates\nTLS renegotiation with the server. Then attacker allows the\nrenegotiation to occur between the client and the server. After\nsuccessful HTTPS session establishment with the server, now the client\nsends its HTTP request along with its HTTP credentials (cookie) to the\nserver. However due to format of attacker\u0027s injected HTTP data, the\nclient\u0027s HTTP request is not processed, rather the attacker\u0027s HTTP\nrequest gets executed with credentials of the client. The attacker is\nnot able to view the results of the injected HTTP request due to the\nfact that data between the client and the server is encrypted over\nHTTPS. \n\nArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected\nby this issue is the HTTPS WebUI administration interface. \n\nPre-requisites for this attack :\n 1. The attacker must be able to establish a MITM between the client and\nthe server (ArubaOS WebUI). \n 2. The attacker must be able to establish a successful HTTPS session\nwith the server (ArubaOS WebUI)\n 3. ArubaOS must be configured to allow certificate based HTTPS\nauthentication for WebUI clients (client certs). \n\nCaptive Portal users do not seem vulnerable to this issue unless somehow\nclient certificates are being used to authenticate captive portal users. \n\nCVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n\nWORKAROUNDS\n\nAruba Networks recommends that all customers apply the appropriate\npatch(es) as soon as practical. However, in the event that a patch\ncannot immediately be applied, the following steps will help to mitigate\nthe risk:\n\n- - - Disable certificate based HTTPS authentication (and only allow\nusername-password based authentication) for WebUI clients. Client\u0027s\nusername-password authentication POST request will prohibit attacker\u0027s\ninjected HTTP data from executing with client\u0027s cookie. \n CLI command: web-server mgmt-auth username/password\n\n- - - Permit certificate based HTTPS authentication ONLY and disable\nusername-password based authentication to WebUI. This will prohibit\nattacker from establishing a HTTPS session with ArubaOS (for MITM)\nwithout a valid client cert. \n\t CLI command: web-server mgmt-auth certificate\n\t\n\tNote: This step won\u0027t stop command injection from attackers who have\nvalid client certificates but their assigned management role privileges\nare lower than that of the admin. This attack may allow them to run\ncommands at higher privilege than what is permitted in their role. \n\n- - - Do not expose the Mobility Controller administrative interface to\nuntrusted networks such as the Internet. \n\n\n\nSOLUTION\n\nAruba Networks recommends that all customers apply the appropriate\npatch(es) as soon as practical. \n\nThe following patches have the fix (any newer patch will also have the fix):\n\n- - - - 2.5.6.24\n- - - - 3.3.2.23\n- - - - 3.3.3.2\n- - - - 3.4.0.7\n- - - - 3.4.1.1\n- - - - RN 3.1.4\n\nPlease contact Aruba support for obtaining patched FIPS releases. \n\nPlease note: We highly recommend that you upgrade your Mobility\nController to the latest available patch on the Aruba support site\ncorresponding to your currently installed release. \n\n\nREFERENCES\n\n[1] http://extendedsubset.com/?p=8\n\n[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n\n\n\n\n+----------------------------------------------------\n\nOBTAINING FIXED FIRMWARE\n\nAruba customers can obtain the firmware on the support website:\n\thttp://www.arubanetworks.com/support. \n\nAruba Support contacts are as follows:\n\n\t1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)\n\n\t+1-408-754-1200 (toll call from anywhere in the world)\n\n\te-mail: support(at)arubanetworks.com\n\nPlease, do not contact either \"wsirt(at)arubanetworks.com\" or\n\"security(at)arubanetworks.com\" for software upgrades. \n\n\nEXPLOITATION AND PUBLIC ANNOUNCEMENTS\n\nThis vulnerability will be announced at\n\nAruba W.S.I.R.T. Advisory:\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\n\nSecurityFocus Bugtraq\nhttp://www.securityfocus.com/archive/1\n\n\nSTATUS OF THIS NOTICE: Final\n\nAlthough Aruba Networks cannot guarantee the accuracy of all statements\nin this advisory, all of the facts have been checked to the best of our\nability. Aruba Networks does not anticipate issuing updated versions of\nthis advisory unless there is some material change in the facts. Should\nthere be a significant change in the facts, Aruba Networks may update\nthis advisory. \n\nA stand-alone copy or paraphrase of the text of this security advisory\nthat omits the distribution URL in the following section is an uncontrolled\ncopy, and may lack important information or contain factual errors. \n\n\nDISTRIBUTION OF THIS ANNOUNCEMENT\n\nThis advisory will be posted on Aruba\u0027s website at:\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\n\n\nFuture updates of this advisory, if any, will be placed on Aruba\u0027s worldwide\nwebsite, but may or may not be actively announced on mailing lists or\nnewsgroups. Users concerned about this problem are encouraged to check the\nabove URL for any updates. \n\n\nREVISION HISTORY\n\n Revision 1.0 / 02-08-2010 / Initial release\n\n\nARUBA WSIRT SECURITY PROCEDURES\n\nComplete information on reporting security vulnerabilities in Aruba Networks\nproducts, obtaining assistance with security incidents is available at\n http://www.arubanetworks.com/support/wsirt.php\n\n\nFor reporting *NEW* Aruba Networks security issues, email can be sent to\nwsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive\ninformation we encourage the use of PGP encryption. Our public keys can be\nfound at\n\thttp://www.arubanetworks.com/support/wsirt.php\n\n\n (c) Copyright 2010 by Aruba Networks, Inc. \nThis advisory may be redistributed freely after the release date given at\nthe top of the text, provided that redistributed copies are complete and\nunmodified, including all date and version information. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.14 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN\nbWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP\n=CrHf\n-----END PGP SIGNATURE-----\n. Transport Layer Security (TLS) is a protocol for ensuring the privacy of communication applications and their users over the Internet. Service (DoS)\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01963123\nVersion: 1\n\nHPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of\n\nService (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-12-21\nLast Updated: 2009-12-21\n\nPotential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The\n\nvulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS). \n\nReferences: CVE-2009-3555\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.12 and previous. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following temporary software updates to resolve the vulnerability. \n\nNOTE: The vulnerability is resolved in OpenSSL 0.9.8l. HP-UX Apache v2.0.59.X versions use statically linked\n\nlibraries. HP-UX Apache v2.0.59.13 is compiled with OpenSSL 0.9.8l. Other versions of HP-UX Apache require the\n\nHP-UX OpenSSL packages recommended in HPSBUX02482 SSRT090249, available here\n\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\n\nTo review previously published Security Bulletins visit http://www.itrc.hp.com/service/cki/secBullArchive.do\n\nThe depots are available are available using ftp. \nHost / Account / Password\n\nftp.usa.hp.com / sb02498 / Secure12\n\nHP-UX Release / Temporary Depot name / SHA-1 Sum\n\nB.11.11 (IPv4 and IPv6) / Apache 2.0.59.13 PA-64-32-1111.depot /\n 3B6BE547403C28926482192408D5D5AB603A403D\n\nB.11.23 PA-32 / Apache 2.0.59.13 IA-PA-32-1123.depot /\n 4809BAF0F83F78F60B7EC73FAF584D221B1CB4A7\n\nB.11.23 IA-64 / Apache 2.0.59.13 IA-PA-64-1123.depot /\n 1D65F7D49883399F4D202E16754CF7DAE71E3B47\n\nB.11.31 PA-32 / Apache 2.0.59.13 IA-PA-32-1131.depot /\n 943E21D4621B480B5E8E651ACB605B8F7EA47304\n\nB.11.31 IA-64 / Apache 2.0.59.13 IA-PA-64-1131.depot /\n B8836FDB73434A3C26FB411E3F7CB3211129E5AC\n\nMANUAL ACTIONS: Yes\nInstall Apache v2.0.59.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security\n\nPatch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a\n\nspecific HP-UX system. It can also download patches and create a depot automatically. For more information\n\nsee: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nFor Apache IPv4 and IPv6\nHP-UX B.11.11\n=============\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nHP-UX B.11.23\n=============\nhpuxwsAPCH32.APACHE\nhpuxwsAPCH32.APACHE2\nhpuxwsAPCH32.AUTH_LDAP\nhpuxwsAPCH32.AUTH_LDAP2\nhpuxwsAPCH32.MOD_JK\nhpuxwsAPCH32.MOD_JK2\nhpuxwsAPCH32.MOD_PERL\nhpuxwsAPCH32.MOD_PERL2\nhpuxwsAPCH32.PHP\nhpuxwsAPCH32.PHP2\nhpuxwsAPCH32.WEBPROXY\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nHP-UX B.11.31\n=============\nhpuxwsAPCH32.APACHE\nhpuxwsAPCH32.APACHE2\nhpuxwsAPCH32.AUTH_LDAP\nhpuxwsAPCH32.AUTH_LDAP2\nhpuxwsAPCH32.MOD_JK\nhpuxwsAPCH32.MOD_JK2\nhpuxwsAPCH32.MOD_PERL\nhpuxwsAPCH32.MOD_PERL2\nhpuxwsAPCH32.PHP\nhpuxwsAPCH32.PHP2\nhpuxwsAPCH32.WEBPROXY\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 21 December 2009 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\nReferences: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740. \nThe upgrades are available from the following location. \n\nFor Debian 7 (wheezy) this update adds a missing part to make it\nactually possible to disable client-initiated renegotiation and\ndisables it by default (CVE-2009-3555). TLS compression is disabled\n(CVE-2012-4929), although this is normally already disabled by the OpenSSL\nsystem library. Finally it adds the ability to disable the SSLv3 protocol\n(CVE-2014-3566) entirely via the new \"DisableSSLv3\" configuration\ndirective, although it will not disabled by default in this update. \n\nFor Debian 8 (jessie) these issues have been fixed prior to the release,\nwith the exception of client-initiated renegotiation (CVE-2009-3555). \nThis update addresses that issue for jessie. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.6-2+deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.6-6+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6-6.1. \n\nWe recommend that you upgrade your pound packages. ----------------------------------------------------------------------\n\n\nSecunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management\n\nFree webinars\n\nhttp://secunia.com/vulnerability_scanning/corporate/webinars/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOpenOffice.org Data Manipulation and Code Execution Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA40070\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40070/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40070\n\nRELEASE DATE:\n2010-06-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40070/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40070/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40070\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in OpenOffice.org, which can\nbe exploited by malicious people to manipulate certain data or\ncompromise a user\u0027s system. \n\n1) An error in the TLS protocol while handling session\nre-negotiations in included libraries can be exploited to manipulate\nsession data. \n\nFor more information see vulnerability #1 in:\nSA37291\n\n2) An error when exploring python code through the scripting IDE can\nbe exploited to potentially execute arbitrary code. \n\nThe vulnerabilities are reported in versions prior to 3.2.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.openoffice.org/security/cves/CVE-2009-3555.html\nhttp://www.openoffice.org/security/cves/CVE-2010-0395.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This could force the server to\n process an attacker\u0026#039;s request as if authenticated using the victim\u0026#039;s\n credentials. \n \n The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28,\n and 3.1.x before 3.1.7 does not properly consider timing side-channel\n attacks on a noncompliant MAC check operation during the processing\n of malformed CBC padding, which allows remote attackers to conduct\n distinguishing attacks and plaintext-recovery attacks via statistical\n analysis of timing data for crafted packets, a related issue to\n CVE-2013-0169 (CVE-2013-1619). \n \n The updated packages have been patched to correct these issues. \nHP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Due\nto a bug in lighttpd, the server fails to start in some configurations\nif using the updated openssl libraries. \n\nThe packages for the hppa, mips, and mipsel architectures are not yet\navailable. They will be released as soon as they have been built", "sources": [ { "db": "NVD", "id": "CVE-2009-3555" }, { "db": "JVNDB", "id": "JVNDB-2011-001632" }, { "db": "CERT/CC", "id": "VU#120541" }, { "db": "PACKETSTORM", "id": "100765" }, { "db": "PACKETSTORM", "id": "82799" }, { "db": "PACKETSTORM", "id": "94088" }, { "db": "PACKETSTORM", "id": "83521" }, { "db": "PACKETSTORM", "id": "88167" }, { "db": "PACKETSTORM", "id": "86075" }, { "db": "VULHUB", "id": "VHN-41001" }, { "db": "PACKETSTORM", "id": "84183" }, { "db": "PACKETSTORM", "id": "88387" }, { "db": "PACKETSTORM", "id": "131826" }, { "db": "PACKETSTORM", "id": "90344" }, { "db": "PACKETSTORM", "id": "84181" }, { "db": "PACKETSTORM", "id": "120714" }, { "db": "PACKETSTORM", "id": "89667" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "PACKETSTORM", "id": "97489" } ], "trust": 3.78 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-41001", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41001" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-3555", "trust": 4.9 }, { "db": "CERT/CC", "id": "VU#120541", "trust": 1.9 }, { "db": "SECUNIA", "id": "40070", "trust": 1.3 }, { "db": "SECUNIA", "id": "38781", "trust": 1.1 }, { "db": "SECUNIA", "id": "42377", "trust": 1.1 }, { "db": "SECUNIA", "id": "37501", "trust": 1.1 }, { "db": "SECUNIA", "id": "39632", "trust": 1.1 }, { "db": "SECUNIA", "id": "37604", "trust": 1.1 }, { "db": "SECUNIA", "id": "41972", "trust": 1.1 }, { "db": "SECUNIA", "id": "43308", "trust": 1.1 }, { "db": "SECUNIA", "id": "38241", "trust": 1.1 }, { "db": "SECUNIA", "id": "37859", "trust": 1.1 }, { "db": "SECUNIA", "id": "41818", "trust": 1.1 }, { "db": "SECUNIA", "id": "39292", "trust": 1.1 }, { "db": "SECUNIA", "id": "42816", "trust": 1.1 }, { "db": "SECUNIA", "id": "42379", "trust": 1.1 }, { "db": "SECUNIA", "id": "39317", "trust": 1.1 }, { "db": "SECUNIA", "id": "38020", "trust": 1.1 }, { "db": "SECUNIA", "id": "42467", "trust": 1.1 }, { "db": "SECUNIA", "id": "37320", "trust": 1.1 }, { "db": "SECUNIA", "id": "37640", "trust": 1.1 }, { "db": "SECUNIA", "id": "37656", "trust": 1.1 }, { "db": "SECUNIA", "id": "37383", "trust": 1.1 }, { "db": "SECUNIA", "id": "42724", "trust": 1.1 }, { "db": "SECUNIA", "id": "38003", "trust": 1.1 }, { "db": "SECUNIA", "id": "44183", "trust": 1.1 }, { "db": "SECUNIA", "id": "42733", "trust": 1.1 }, { "db": "SECUNIA", "id": "38484", "trust": 1.1 }, { "db": "SECUNIA", "id": "40545", "trust": 1.1 }, { "db": "SECUNIA", "id": "40866", "trust": 1.1 }, { "db": "SECUNIA", "id": "39242", "trust": 1.1 }, { "db": "SECUNIA", "id": "38056", "trust": 1.1 }, { "db": "SECUNIA", "id": "39278", "trust": 1.1 }, { "db": "SECUNIA", "id": "39243", "trust": 1.1 }, { "db": "SECUNIA", "id": "42808", "trust": 1.1 }, { "db": "SECUNIA", "id": "37675", "trust": 1.1 }, { "db": "SECUNIA", "id": "39127", "trust": 1.1 }, { "db": "SECUNIA", "id": "39461", "trust": 1.1 }, { "db": "SECUNIA", "id": "39819", "trust": 1.1 }, { "db": "SECUNIA", "id": "37453", "trust": 1.1 }, { "db": "SECUNIA", "id": "40747", "trust": 1.1 }, { "db": "SECUNIA", "id": "41490", "trust": 1.1 }, { "db": "SECUNIA", "id": "39628", "trust": 1.1 }, { "db": "SECUNIA", "id": "44954", "trust": 1.1 }, { "db": "SECUNIA", "id": "39500", "trust": 1.1 }, { "db": "SECUNIA", "id": "48577", "trust": 1.1 }, { "db": "SECUNIA", "id": "42811", "trust": 1.1 }, { "db": "SECUNIA", "id": "37291", "trust": 1.1 }, { "db": "SECUNIA", "id": "41480", "trust": 1.1 }, { "db": "SECUNIA", "id": "37292", "trust": 1.1 }, { "db": "SECUNIA", "id": "37399", "trust": 1.1 }, { "db": "SECUNIA", "id": "39713", "trust": 1.1 }, { "db": "SECUNIA", "id": "38687", "trust": 1.1 }, { "db": "SECUNIA", "id": "37504", "trust": 1.1 }, { "db": "SECUNIA", "id": "39136", "trust": 1.1 }, { "db": "SECUNIA", "id": "41967", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023217", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023273", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023274", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023206", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023272", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023427", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023218", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023163", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023214", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023211", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023219", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023216", "trust": 1.1 }, { "db": "SECTRACK", "id": "1024789", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023148", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023213", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023271", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023243", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023209", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023215", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023208", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023411", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023204", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023224", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023210", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023207", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023426", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023428", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023205", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023275", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023270", "trust": 1.1 }, { "db": "SECTRACK", "id": "1023212", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-2745", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3353", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-3069", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-0086", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3354", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3484", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-1793", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3310", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-0982", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0033", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3220", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-2010", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-1639", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-1107", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-3126", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-0916", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3164", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0032", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0086", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3313", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-0748", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-1350", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3521", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-0994", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-3086", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-1191", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-0173", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3587", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-0933", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3205", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-1054", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-0848", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-1673", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2009-3165", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/05/3", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/07/3", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/23/10", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/05/5", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/20/1", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/06/3", "trust": 1.1 }, { "db": "OSVDB", "id": "65202", "trust": 1.1 }, { "db": "OSVDB", "id": "62210", "trust": 1.1 }, { "db": "OSVDB", "id": "60521", "trust": 1.1 }, { "db": "OSVDB", "id": "60972", "trust": 1.1 }, { "db": "HITACHI", "id": "HS10-030", "trust": 1.1 }, { "db": "USCERT", "id": "TA10-222A", "trust": 1.1 }, { "db": "USCERT", "id": "TA10-287A", "trust": 1.1 }, { "db": "BID", "id": "36935", "trust": 1.1 }, { "db": "ICS CERT", "id": "ICSA-22-160-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95298925", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-002319", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-001632", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "88167", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "120714", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "97489", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "131826", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "94088", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "89667", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "84183", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "86075", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "84181", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "10071", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "10579", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82657", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82770", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83271", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "90262", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "88173", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "91309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "120365", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106155", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83415", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111273", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83414", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "92095", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "124088", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82652", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "94087", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95279", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137201", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102374", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106156", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "89136", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "92497", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "88621", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "88698", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "84112", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "90286", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114810", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "88224", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123380", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-200911-069", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-67231", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-41001", "trust": 0.1 }, { "db": "SECUNIA", "id": "44292", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "100765", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82799", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83521", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "88387", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "90344", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111920", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#120541" }, { "db": "VULHUB", "id": "VHN-41001" }, { "db": "JVNDB", "id": "JVNDB-2011-001632" }, { "db": "PACKETSTORM", "id": "100765" }, { "db": "PACKETSTORM", "id": "82799" }, { "db": "PACKETSTORM", "id": "94088" }, { "db": "PACKETSTORM", "id": "83521" }, { "db": "PACKETSTORM", "id": "88167" }, { "db": "PACKETSTORM", "id": "86075" }, { "db": "PACKETSTORM", "id": "97489" }, { "db": "PACKETSTORM", "id": "84183" }, { "db": "PACKETSTORM", "id": "88387" }, { "db": "PACKETSTORM", "id": "131826" }, { "db": "PACKETSTORM", "id": "90344" }, { "db": "PACKETSTORM", "id": "84181" }, { "db": "PACKETSTORM", "id": "120714" }, { "db": "PACKETSTORM", "id": "89667" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2009-3555" } ] }, "id": "VAR-200911-0398", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-41001" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:54:40.707000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HS11-006 Software product security information", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001632" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.1 }, { "problemtype": "Lack of information (CWE-noinfo) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-310", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41001" }, { "db": "JVNDB", "id": "JVNDB-2011-001632" }, { "db": "NVD", "id": "CVE-2009-3555" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://extendedsubset.com/?p=8" }, { "trust": 1.9, "url": "http://www.links.org/?p=780" }, { "trust": 1.9, "url": "http://www.links.org/?p=786" }, { "trust": 1.9, "url": "http://www.links.org/?p=789" }, { "trust": 1.9, "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html" }, { "trust": 1.9, "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html" }, { "trust": 1.9, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "trust": 1.9, "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt" }, { "trust": 1.9, "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 1.2, "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt" }, { "trust": 1.2, "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html" }, { "trust": 1.2, "url": "http://www.openoffice.org/security/cves/cve-2009-3555.html" }, { "trust": 1.1, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1" }, { "trust": 1.1, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1" }, { "trust": 1.1, "url": "http://securitytracker.com/id?1023148" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023163" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023204" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023205" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023206" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023207" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023208" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023209" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023210" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023211" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023212" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023213" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023214" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023215" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023216" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023217" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023218" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023219" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023224" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023243" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023270" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023271" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023272" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023273" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023274" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023275" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023411" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023426" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023427" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1023428" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1024789" }, { "trust": 1.1, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2009/nov/139" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "trust": 1.1, "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" }, { "trust": 1.1, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1" }, { "trust": 1.1, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1" }, { "trust": 1.1, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/36935" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37291" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37292" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37320" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37383" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37399" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37453" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37501" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37504" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37604" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37640" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37656" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37675" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37859" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38003" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38020" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38056" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38241" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38484" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38687" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38781" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39127" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39136" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39242" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39243" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39278" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39292" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39317" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39461" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39500" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39628" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39632" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39713" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39819" }, { "trust": 1.1, "url": "http://secunia.com/advisories/40070" }, { "trust": 1.1, "url": "http://secunia.com/advisories/40545" }, { "trust": 1.1, "url": "http://secunia.com/advisories/40747" }, { "trust": 1.1, "url": "http://secunia.com/advisories/40866" }, { "trust": 1.1, "url": "http://secunia.com/advisories/41480" }, { "trust": 1.1, "url": "http://secunia.com/advisories/41490" }, { "trust": 1.1, "url": "http://secunia.com/advisories/41818" }, { "trust": 1.1, "url": "http://secunia.com/advisories/41967" }, { "trust": 1.1, "url": "http://secunia.com/advisories/41972" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42377" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42379" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42467" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42724" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42733" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42808" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42811" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42816" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43308" }, { "trust": 1.1, "url": "http://secunia.com/advisories/44183" }, { "trust": 1.1, "url": "http://secunia.com/advisories/44954" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48577" }, { "trust": 1.1, "url": "http://osvdb.org/60521" }, { "trust": 1.1, "url": "http://osvdb.org/60972" }, { "trust": 1.1, "url": "http://osvdb.org/62210" }, { "trust": 1.1, "url": "http://osvdb.org/65202" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3164" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3165" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3205" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3220" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3310" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3313" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3353" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3354" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3484" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3521" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2009/3587" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/0086" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/0173" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/0748" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/0848" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/0933" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/0994" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/1350" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/1639" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/1673" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/2010" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/2745" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3069" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3086" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0033" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0086" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2010//may/msg00001.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2010//may/msg00002.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2009/dsa-1934" }, { "trust": 1.1, "url": "http://www.debian.org/security/2011/dsa-2141" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3253" }, { "trust": 1.1, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html" }, { "trust": 1.1, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html" }, { "trust": 1.1, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html" }, { "trust": 1.1, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html" }, { "trust": 1.1, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html" }, { "trust": 1.1, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html" }, { "trust": 1.1, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html" }, { "trust": 1.1, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041" }, { "trust": 1.1, "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751" }, { "trust": 1.1, "url": "http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/522176" }, { "trust": 1.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:084" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:089" }, { "trust": 1.1, "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0119.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0130.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0155.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0165.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0167.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0337.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0338.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0339.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0768.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0770.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0786.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0807.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0865.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0986.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0987.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "trust": 1.1, "url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html" }, { "trust": 1.1, "url": "http://www.us-cert.gov/cas/techalerts/ta10-287a.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-1010-1" }, { "trust": 1.1, "url": "http://ubuntu.com/usn/usn-923-1" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-927-1" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-927-4" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-927-5" }, { "trust": 1.1, "url": "http://www.kb.cert.org/vuls/id/120541" }, { "trust": 1.1, "url": "http://openbsd.org/errata45.html#010_openssl" }, { "trust": 1.1, "url": "http://openbsd.org/errata46.html#004_openssl" }, { "trust": 1.1, "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "trust": 1.1, "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.1, "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html" }, { "trust": 1.1, "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during" }, { "trust": 1.1, "url": "http://clicky.me/tlsvuln" }, { "trust": 1.1, "url": "http://extendedsubset.com/renegotiating_tls.pdf" }, { "trust": 1.1, "url": "http://kbase.redhat.com/faq/docs/doc-20491" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht4004" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht4170" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht4171" }, { "trust": 1.1, "url": "http://support.avaya.com/css/p8/documents/100070150" }, { "trust": 1.1, "url": "http://support.avaya.com/css/p8/documents/100081611" }, { "trust": 1.1, "url": "http://support.avaya.com/css/p8/documents/100114315" }, { "trust": 1.1, "url": "http://support.avaya.com/css/p8/documents/100114327" }, { "trust": 1.1, "url": "http://support.citrix.com/article/ctx123359" }, { "trust": 1.1, "url": "http://support.zeus.com/zws/media/docs/4.3/release_notes" }, { "trust": 1.1, "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released" }, { "trust": 1.1, "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt" }, { "trust": 1.1, "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html" }, { "trust": 1.1, "url": "http://wiki.rpath.com/advisories:rpsa-2009-0155" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312" }, { "trust": 1.1, "url": "http://www.betanews.com/article/1257452450" }, { "trust": 1.1, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html" }, { "trust": 1.1, "url": "http://www.ingate.com/relnote.php?ver=481" }, { "trust": 1.1, "url": "http://www.openssl.org/news/secadv_20091111.txt" }, { "trust": 1.1, "url": "http://www.opera.com/docs/changelogs/unix/1060/" }, { "trust": 1.1, "url": "http://www.opera.com/support/search/view/944/" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" }, { "trust": 1.1, "url": "http://www.proftpd.org/docs/release_notes-1.3.2c" }, { "trust": 1.1, "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html" }, { "trust": 1.1, "url": "http://www.tombom.co.uk/blog/?p=85" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2010-0019.html" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html" }, { "trust": 1.1, "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "trust": 1.1, "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" }, { "trust": 1.1, "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689" }, { "trust": 1.1, "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888" }, { "trust": 1.1, "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158" }, { "trust": 1.1, "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2" }, { "trust": 1.0, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446" }, { "trust": 1.0, "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pm00675\u0026apar=only" }, { "trust": 1.0, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa50" }, { "trust": 0.8, "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html" }, { "trust": 0.8, "url": "http://cvs.openssl.org/chngview?cn=18790" }, { "trust": 0.8, "url": "http://www.links.org/files/no-renegotiation-2.patch" }, { "trust": 0.8, "url": "http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95298925/" }, { "trust": 0.8, "url": "http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-002319.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3555" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-160-01" }, { "trust": 0.5, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555" }, { "trust": 0.3, "url": "http://www.mandriva.com/security/" }, { "trust": 0.3, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.3, "url": "http://www.debian.org/security/" }, { "trust": 0.3, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.3, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.3, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.2, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3094" }, { "trust": 0.2, "url": "http://www.debian.org/security/faq" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=132077688910227\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=127419602507642\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=134254866602253\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=130497311408250\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=133469267822771\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=126150535619567\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=127128920008563\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=127557596201693\u0026amp;w=2" }, { "trust": 0.1, "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026amp;q=pm00675\u0026amp;apar=only" }, { "trust": 0.1, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2009\u0026amp;m=slackware-security.597446" }, { "trust": 0.1, "url": "http://marc.info/?l=apache-httpd-announce\u0026amp;m=125755783724966\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=cryptography\u0026amp;m=125752275331877\u0026amp;w=2" }, { "trust": 0.1, "url": "https://kb.bluecoat.com/index?page=content\u0026amp;id=sa50" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44292/" }, { "trust": 0.1, "url": "http://secunia.com/research/" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44292" }, { "trust": 0.1, "url": "http://secunia.com/company/jobs/open_positions/reverse_engineer" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44292/#comments" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.18_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.18_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.14-5ubuntu8.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.18_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.7_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.7_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.11_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslinsecurerenegotiation" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1195" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1890" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1890" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1678" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2939" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1195" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1891" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1191" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1191" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1678" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3094" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://www.arubanetworks.com/support." }, { "trust": 0.1, "url": "http://enigmail.mozdev.org/" }, { "trust": 0.1, "url": "http://www.arubanetworks.com/support/wsirt.php" }, { "trust": 0.1, "url": "http://www.securityfocus.com/archive/1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0740" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0433" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "http://www.openoffice.org/security/cves/cve-2010-0395.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/40070/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/webinars/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/40070/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40070" }, { "trust": 0.1, "url": "http://bugs.proftpd.org/show_bug.cgi?id=3324" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1619" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1619" }, { "trust": 0.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-6a3f2fa832db4ddf9b3398f04c" }, { "trust": 0.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-1b189d95582249b58d9ca94c45" }, { "trust": 0.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-4311cc1b61fd42a4874b13d714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" } ], "sources": [ { "db": "CERT/CC", "id": "VU#120541" }, { "db": "VULHUB", "id": "VHN-41001" }, { "db": "JVNDB", "id": "JVNDB-2011-001632" }, { "db": "PACKETSTORM", "id": "100765" }, { "db": "PACKETSTORM", "id": "82799" }, { "db": "PACKETSTORM", "id": "94088" }, { "db": "PACKETSTORM", "id": "83521" }, { "db": "PACKETSTORM", "id": "88167" }, { "db": "PACKETSTORM", "id": "86075" }, { "db": "PACKETSTORM", "id": "97489" }, { "db": "PACKETSTORM", "id": "84183" }, { "db": "PACKETSTORM", "id": "88387" }, { "db": "PACKETSTORM", "id": "131826" }, { "db": "PACKETSTORM", "id": "90344" }, { "db": "PACKETSTORM", "id": "84181" }, { "db": "PACKETSTORM", "id": "120714" }, { "db": "PACKETSTORM", "id": "89667" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2009-3555" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#120541" }, { "db": "VULHUB", "id": "VHN-41001" }, { "db": "JVNDB", "id": "JVNDB-2011-001632" }, { "db": "PACKETSTORM", "id": "100765" }, { "db": "PACKETSTORM", "id": "82799" }, { "db": "PACKETSTORM", "id": "94088" }, { "db": "PACKETSTORM", "id": "83521" }, { "db": "PACKETSTORM", "id": "88167" }, { "db": "PACKETSTORM", "id": "86075" }, { "db": "PACKETSTORM", "id": "97489" }, { "db": "PACKETSTORM", "id": "84183" }, { "db": "PACKETSTORM", "id": "88387" }, { "db": "PACKETSTORM", "id": "131826" }, { "db": "PACKETSTORM", "id": "90344" }, { "db": "PACKETSTORM", "id": "84181" }, { "db": "PACKETSTORM", "id": "120714" }, { "db": "PACKETSTORM", "id": "89667" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2009-3555" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-11-11T00:00:00", "db": "CERT/CC", "id": "VU#120541" }, { "date": "2009-11-09T00:00:00", "db": "VULHUB", "id": "VHN-41001" }, { "date": "2011-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001632" }, { "date": "2011-04-24T07:03:17", "db": "PACKETSTORM", "id": "100765" }, { "date": "2009-11-19T18:46:00", "db": "PACKETSTORM", "id": "82799" }, { "date": "2010-09-21T22:55:35", "db": "PACKETSTORM", "id": "94088" }, { "date": "2009-12-07T21:57:59", "db": "PACKETSTORM", "id": "83521" }, { "date": "2010-04-07T02:30:56", "db": "PACKETSTORM", "id": "88167" }, { "date": "2010-02-09T18:53:40", "db": "PACKETSTORM", "id": "86075" }, { "date": "2011-01-13T03:33:06", "db": "PACKETSTORM", "id": "97489" }, { "date": "2009-12-22T20:50:12", "db": "PACKETSTORM", "id": "84183" }, { "date": "2010-04-15T22:26:05", "db": "PACKETSTORM", "id": "88387" }, { "date": "2015-05-08T13:32:34", "db": "PACKETSTORM", "id": "131826" }, { "date": "2010-06-07T16:47:06", "db": "PACKETSTORM", "id": "90344" }, { "date": "2009-12-22T20:42:09", "db": "PACKETSTORM", "id": "84181" }, { "date": "2013-03-08T04:15:53", "db": "PACKETSTORM", "id": "120714" }, { "date": "2010-05-19T05:44:26", "db": "PACKETSTORM", "id": "89667" }, { "date": "2012-04-17T20:41:11", "db": "PACKETSTORM", "id": "111920" }, { "date": "2009-11-09T17:30:00.407000", "db": "NVD", "id": "CVE-2009-3555" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#120541" }, { "date": "2023-02-13T00:00:00", "db": "VULHUB", "id": "VHN-41001" }, { "date": "2022-06-13T05:59:00", "db": "JVNDB", "id": "JVNDB-2011-001632" }, { "date": "2023-02-13T02:20:27.983000", "db": "NVD", "id": "CVE-2009-3555" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "120714" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SSL and TLS protocols renegotiation vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#120541" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "arbitrary", "sources": [ { "db": "PACKETSTORM", "id": "82799" }, { "db": "PACKETSTORM", "id": "94088" }, { "db": "PACKETSTORM", "id": "86075" }, { "db": "PACKETSTORM", "id": "120714" } ], "trust": 0.4 } }
var-202106-1909
Vulnerability from variot
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. NGINX Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. NGINX has a security vulnerability before 1.13.6. The vulnerability stems from the fact that when the autoindex module encounters this file, it will cause an integer overflow. ========================================================================== Ubuntu Security Notice USN-5109-1 October 18, 2021
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
A security issue was fixed in nginx.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled files with certain modification dates. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: nginx 1.10.3-0ubuntu0.16.04.5+esm2
Ubuntu 14.04 ESM: nginx 1.4.6-1ubuntu3.9+esm3
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5109-1 CVE-2017-20005
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1909", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.13.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "nginx", "scope": null, "trust": 0.8, "vendor": "f5", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-015095" }, { "db": "NVD", "id": "CVE-2017-20005" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.13.6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-20005" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ubuntu", "sources": [ { "db": "PACKETSTORM", "id": "164541" } ], "trust": 0.1 }, "cve": "CVE-2017-20005", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2017-20005", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-394033", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-20005", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-20005", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202106-378", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-394033", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-394033" }, { "db": "JVNDB", "id": "JVNDB-2017-015095" }, { "db": "NVD", "id": "CVE-2017-20005" }, { "db": "CNNVD", "id": "CNNVD-202106-378" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. NGINX Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. NGINX has a security vulnerability before 1.13.6. The vulnerability stems from the fact that when the autoindex module encounters this file, it will cause an integer overflow. ==========================================================================\nUbuntu Security Notice USN-5109-1\nOctober 18, 2021\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nA security issue was fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled files with\ncertain modification dates. A remote attacker could possibly\nuse this issue to cause a denial of service or other unspecified\nimpact. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n nginx 1.10.3-0ubuntu0.16.04.5+esm2\n\nUbuntu 14.04 ESM:\n nginx 1.4.6-1ubuntu3.9+esm3\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5109-1\n CVE-2017-20005\n", "sources": [ { "db": "NVD", "id": "CVE-2017-20005" }, { "db": "JVNDB", "id": "JVNDB-2017-015095" }, { "db": "VULHUB", "id": "VHN-394033" }, { "db": "PACKETSTORM", "id": "164541" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-20005", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2017-015095", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202106-378", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164541", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3462", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1974", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-394033", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-394033" }, { "db": "JVNDB", "id": "JVNDB-2017-015095" }, { "db": "PACKETSTORM", "id": "164541" }, { "db": "NVD", "id": "CVE-2017-20005" }, { "db": "CNNVD", "id": "CNNVD-202106-378" } ] }, "id": "VAR-202106-1909", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-394033" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:12:31.169000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "#1368\u00a0closed\u00a0defect\u00a0(fixed)", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-015095" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.1 }, { "problemtype": "Integer overflow or wraparound (CWE-190) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-394033" }, { "db": "JVNDB", "id": "JVNDB-2017-015095" }, { "db": "NVD", "id": "CVE-2017-20005" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20210805-0006/" }, { "trust": 1.7, "url": "http://nginx.org/en/changes" }, { "trust": 1.7, "url": "https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf" }, { "trust": 1.7, "url": "https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b" }, { "trust": 1.7, "url": "https://trac.nginx.org/nginx/ticket/1368" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-20005" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3462" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164541/ubuntu-security-notice-usn-5109-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1974" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5109-1" } ], "sources": [ { "db": "VULHUB", "id": "VHN-394033" }, { "db": "JVNDB", "id": "JVNDB-2017-015095" }, { "db": "PACKETSTORM", "id": "164541" }, { "db": "NVD", "id": "CVE-2017-20005" }, { "db": "CNNVD", "id": "CNNVD-202106-378" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-394033" }, { "db": "JVNDB", "id": "JVNDB-2017-015095" }, { "db": "PACKETSTORM", "id": "164541" }, { "db": "NVD", "id": "CVE-2017-20005" }, { "db": "CNNVD", "id": "CNNVD-202106-378" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-06T00:00:00", "db": "VULHUB", "id": "VHN-394033" }, { "date": "2022-02-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-015095" }, { "date": "2021-10-18T14:55:13", "db": "PACKETSTORM", "id": "164541" }, { "date": "2021-06-06T22:15:08.417000", "db": "NVD", "id": "CVE-2017-20005" }, { "date": "2021-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-378" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-394033" }, { "date": "2022-02-22T07:06:00", "db": "JVNDB", "id": "JVNDB-2017-015095" }, { "date": "2021-12-02T19:43:01.953000", "db": "NVD", "id": "CVE-2017-20005" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-378" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "164541" }, { "db": "CNNVD", "id": "CNNVD-202106-378" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NGINX\u00a0 Integer overflow vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-015095" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-378" } ], "trust": 0.6 } }
var-201006-0492
Vulnerability from variot
nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. Nginx is prone to a denial-of-service vulnerability. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There are security holes in nginx
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201006-0492", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.7.52" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "0.8.40" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.7.67" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.8.0" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "0.8.36" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.36" } ], "sources": [ { "db": "BID", "id": "78928" }, { "db": "JVNDB", "id": "JVNDB-2010-004871" }, { "db": "NVD", "id": "CVE-2010-2266" }, { "db": "CNNVD", "id": "CNNVD-201006-226" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.67", "versionStartIncluding": "0.7.52", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.8.40", "versionStartIncluding": "0.8.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-2266" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "78928" } ], "trust": 0.3 }, "cve": "CVE-2010-2266", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2010-2266", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-44871", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-2266", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201006-226", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-44871", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-44871" }, { "db": "JVNDB", "id": "JVNDB-2010-004871" }, { "db": "NVD", "id": "CVE-2010-2266" }, { "db": "CNNVD", "id": "CNNVD-201006-226" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the \"%c0.%c0.\" sequence. Nginx is prone to a denial-of-service vulnerability. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There are security holes in nginx", "sources": [ { "db": "NVD", "id": "CVE-2010-2266" }, { "db": "JVNDB", "id": "JVNDB-2010-004871" }, { "db": "BID", "id": "78928" }, { "db": "VULHUB", "id": "VHN-44871" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-44871", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-44871" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-2266", "trust": 2.8 }, { "db": "EXPLOIT-DB", "id": "13818", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2010-004871", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201006-226", "trust": 0.7 }, { "db": "BID", "id": "78928", "trust": 0.4 }, { "db": "SEEBUG", "id": "SSVID-88008", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-88038", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-44871", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-44871" }, { "db": "BID", "id": "78928" }, { "db": "JVNDB", "id": "JVNDB-2010-004871" }, { "db": "NVD", "id": "CVE-2010-2266" }, { "db": "CNNVD", "id": "CNNVD-201006-226" } ] }, "id": "VAR-201006-0492", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-44871" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:31:33.340000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-004871" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.1 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-44871" }, { "db": "JVNDB", "id": "JVNDB-2010-004871" }, { "db": "NVD", "id": "CVE-2010-2266" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.exploit-db.com/exploits/13818/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2266" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2266" } ], "sources": [ { "db": "VULHUB", "id": "VHN-44871" }, { "db": "BID", "id": "78928" }, { "db": "JVNDB", "id": "JVNDB-2010-004871" }, { "db": "NVD", "id": "CVE-2010-2266" }, { "db": "CNNVD", "id": "CNNVD-201006-226" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-44871" }, { "db": "BID", "id": "78928" }, { "db": "JVNDB", "id": "JVNDB-2010-004871" }, { "db": "NVD", "id": "CVE-2010-2266" }, { "db": "CNNVD", "id": "CNNVD-201006-226" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-06-15T00:00:00", "db": "VULHUB", "id": "VHN-44871" }, { "date": "2010-06-15T00:00:00", "db": "BID", "id": "78928" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-004871" }, { "date": "2010-06-15T14:04:24.420000", "db": "NVD", "id": "CVE-2010-2266" }, { "date": "2010-06-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201006-226" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-44871" }, { "date": "2010-06-15T00:00:00", "db": "BID", "id": "78928" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-004871" }, { "date": "2021-11-10T15:52:53.883000", "db": "NVD", "id": "CVE-2010-2266" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201006-226" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201006-226" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-004871" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-201006-226" } ], "trust": 0.6 } }
var-201811-0987
Vulnerability from variot
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. nginx Contains an information disclosure vulnerability.Information obtained and denial of service (DoS) May be in a state. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability is caused by the program not processing MP4 files correctly.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvkq1wACgkQEMKTtsN8 TjY+Sw//eT499ax9D25pWjbpRjjJQ+WG5m7xL3zoCJfWymNmQnsgiV7/gGbpOvAV n6OG/Ckq946v0Du4YFiCDlkPY4P5WJR2/qnBNJPbFEcMssJJbuhpZCLAKSMFjm9A 2IZYGGHZDMGcEo9ZSEDJX/nViSpbN+Y8koTXX43ORizeKhmOWVY0Dm7gqm2DESti CQ0EVQyMSqZisiZumoDjn0FrvkQnxvO4GONfYTUcsZf8z4yb03r7rzO/wDgu9JvU 8+L7cgMcq5TFT3LoZ/LvrJOv8GbMa5SUwqp84ePEZMtAH4NYFIyijOF05MKox7Pq zRO/NTkoIQ7/mfz6dHFRl54Ac5iEGnjL7ksC6zL1rD+W2E+JXOnHUpRdmjQ7CvdA /5GnyZSJbvD6D7/c5MBXU8r60ALXc75hiL8ibXM/LExll/vOw7++/7dDqMacSx4O pQl+tduqW+55VMAyT7DKoM5+nZmq2805EH2P4W37uqE1UCh0eJkEK+bp3BLO2Adx IJM1ujtt6Euyu3c1JzZADpiOAsATLxvh1qGxvHmUeXN0ODEYAnV2mgKtZxU8+W+Z JrsrUTTzFKlmPQug7Bvx7CyZ6S/EQchjeD+Ni7W/HRtW7/eSoh0dntBjQUlg50yd K2fAQq6MD37FTHAghC243ZqqcRJDoDXtKfvKm8Zt3ZUnX3XUqVg=3QLE -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-nginx18-nginx security update Advisory ID: RHSA-2018:3652-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3652 Issue date: 2018-11-26 CVE Names: CVE-2018-16845 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
- nginx: Denial of service and memory disclosure via mp4 module (CVE-2018-16845)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Nginx project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16845 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW/viKdzjgjWX9erEAQjSFA/+IYlcY+VkhYOzot4cXoMumMPj0zcn6Iuk TwHfLvfooC8KsM5PK3acSmv2526KlfWn9xi8QJ8YMIoZVX8+LPPC7gOVxmwAyYOn 4uOumQy5rulkk03UB7r6y7u34Xy5mftCXTOouOipvhiW2Na6aZWiRen7ZWRBcMMW okYWY03xJU7/OQafttfP3UUVAYiw5adZ6gAflhZA8q8JzF0RhZXnliyt4kpZ1kLj 8fr6q+9WDVdiHe9u1j1wIXwQglkPnpab+kW1k4KZ3pdJMzFr9unZURHbyDsqbxlh T5rNTFtoLO9rgksSYtkuK0D6MvxVu7MzHMl/X0IsCnFwwAjH9xbqftqX5G26pQR6 L2UlnBNnes+NG357E81aHJus6ioRpjzSsfIrFoU9N0K9llnfbEslwEr239GzF6hH sMO5vap7/i2bmYQ7++jw9jfF67K2AtFvZCa/tYWlilkWOM12BkP2HvuYXCgmtb6F 99oHxB5TyDKPb44epIvzKV/YtvoeHT6beKRIefJ3xstrq8to0f87NZhTTbk5rYt0 HPf5vLjoZO6SYequmHzn++zoAZubU+oZ3fE05jcbrJSwQeMHWLPTtBoBkmQq+l5y rYTxun0/RvYql6bZD4uHAxKzTxyAvrKw0dW+/DGNanQiwkk+/RpPrYTdMhVw4a5a ZrQQucuvvOo= =LfBW -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0987", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.15.5" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.0.7" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.0.15" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.1.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.14.1" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.15.6" }, { "model": "enterprise linux", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.15.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.13.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.15.6" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.14.1" } ], "sources": [ { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.15", "versionStartIncluding": "1.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.15.5", "versionStartIncluding": "1.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-16845" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" } ], "trust": 0.4 }, "cve": "CVE-2018-16845", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-16845", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-127245", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "secalert@redhat.com", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2018-16845", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-16845", "trust": 1.8, "value": "MEDIUM" }, { "author": "secalert@redhat.com", "id": "CVE-2018-16845", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201811-119", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-127245", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-16845", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. nginx Contains an information disclosure vulnerability.Information obtained and denial of service (DoS) May be in a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability is caused by the program not processing MP4 files correctly. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvkq1wACgkQEMKTtsN8\nTjY+Sw//eT499ax9D25pWjbpRjjJQ+WG5m7xL3zoCJfWymNmQnsgiV7/gGbpOvAV\nn6OG/Ckq946v0Du4YFiCDlkPY4P5WJR2/qnBNJPbFEcMssJJbuhpZCLAKSMFjm9A\n2IZYGGHZDMGcEo9ZSEDJX/nViSpbN+Y8koTXX43ORizeKhmOWVY0Dm7gqm2DESti\nCQ0EVQyMSqZisiZumoDjn0FrvkQnxvO4GONfYTUcsZf8z4yb03r7rzO/wDgu9JvU\n8+L7cgMcq5TFT3LoZ/LvrJOv8GbMa5SUwqp84ePEZMtAH4NYFIyijOF05MKox7Pq\nzRO/NTkoIQ7/mfz6dHFRl54Ac5iEGnjL7ksC6zL1rD+W2E+JXOnHUpRdmjQ7CvdA\n/5GnyZSJbvD6D7/c5MBXU8r60ALXc75hiL8ibXM/LExll/vOw7++/7dDqMacSx4O\npQl+tduqW+55VMAyT7DKoM5+nZmq2805EH2P4W37uqE1UCh0eJkEK+bp3BLO2Adx\nIJM1ujtt6Euyu3c1JzZADpiOAsATLxvh1qGxvHmUeXN0ODEYAnV2mgKtZxU8+W+Z\nJrsrUTTzFKlmPQug7Bvx7CyZ6S/EQchjeD+Ni7W/HRtW7/eSoh0dntBjQUlg50yd\nK2fAQq6MD37FTHAghC243ZqqcRJDoDXtKfvKm8Zt3ZUnX3XUqVg=3QLE\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2018:3652-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3652\nIssue date: 2018-11-26\nCVE Names: CVE-2018-16845 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: Denial of service and memory disclosure via mp4 module\n(CVE-2018-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the Nginx project for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/viKdzjgjWX9erEAQjSFA/+IYlcY+VkhYOzot4cXoMumMPj0zcn6Iuk\nTwHfLvfooC8KsM5PK3acSmv2526KlfWn9xi8QJ8YMIoZVX8+LPPC7gOVxmwAyYOn\n4uOumQy5rulkk03UB7r6y7u34Xy5mftCXTOouOipvhiW2Na6aZWiRen7ZWRBcMMW\nokYWY03xJU7/OQafttfP3UUVAYiw5adZ6gAflhZA8q8JzF0RhZXnliyt4kpZ1kLj\n8fr6q+9WDVdiHe9u1j1wIXwQglkPnpab+kW1k4KZ3pdJMzFr9unZURHbyDsqbxlh\nT5rNTFtoLO9rgksSYtkuK0D6MvxVu7MzHMl/X0IsCnFwwAjH9xbqftqX5G26pQR6\nL2UlnBNnes+NG357E81aHJus6ioRpjzSsfIrFoU9N0K9llnfbEslwEr239GzF6hH\nsMO5vap7/i2bmYQ7++jw9jfF67K2AtFvZCa/tYWlilkWOM12BkP2HvuYXCgmtb6F\n99oHxB5TyDKPb44epIvzKV/YtvoeHT6beKRIefJ3xstrq8to0f87NZhTTbk5rYt0\nHPf5vLjoZO6SYequmHzn++zoAZubU+oZ3fE05jcbrJSwQeMHWLPTtBoBkmQq+l5y\nrYTxun0/RvYql6bZD4uHAxKzTxyAvrKw0dW+/DGNanQiwkk+/RpPrYTdMhVw4a5a\nZrQQucuvvOo=\n=LfBW\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1)", "sources": [ { "db": "NVD", "id": "CVE-2018-16845" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "BID", "id": "105868" }, { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16845", "trust": 3.4 }, { "db": "BID", "id": "105868", "trust": 2.0 }, { "db": "SECTRACK", "id": "1042039", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-014189", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-119", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3384", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0464", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0451", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042571", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "150453", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-127245", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-16845", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150480", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150481", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150458", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "id": "VAR-201811-0987", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-127245" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:01:53.545000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[SECURITY] [DLA 1572-1] nginx security update", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html" }, { "title": "DSA-4335", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "title": "Bug 1644508", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "title": "RHSA-2018:3652", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3652" }, { "title": "RHSA-2018:3653", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3653" }, { "title": "RHSA-2018:3680", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "title": "RHSA-2018:3681", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "title": "USN-3812-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3812-1/" }, { "title": "(CVE-2018-16845)", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "title": "Nginx Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=86626" }, { "title": "Red Hat: Important: rh-nginx18-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183652 - security advisory" }, { "title": "Red Hat: Important: rh-nginx110-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183653 - security advisory" }, { "title": "Red Hat: Important: rh-nginx112-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183680 - security advisory" }, { "title": "Red Hat: Important: rh-nginx114-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183681 - security advisory" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3812-1" }, { "title": "Red Hat: CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-16845" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347" }, { "title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u00e2\u20ac\u2122s dependencies \u00e2\u20ac\u201c Cumulative list from June 28, 2018 to December 13, 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61" }, { "title": "CVE-2018-16845", "trust": 0.1, "url": "https://github.com/t4t4ru/cve-2018-16845 " }, { "title": "anitazhaochen.github.io", "trust": 0.1, "url": "https://github.com/anitazhaochen/anitazhaochen.github.io " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "CNNVD", "id": "CNNVD-201811-119" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.1 }, { "problemtype": "CWE-200", "trust": 0.9 }, { "problemtype": "CWE-835", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "trust": 2.0, "url": "https://usn.ubuntu.com/3812-1/" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3652" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3653" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105868" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1042039" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16845" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-16845" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2018-16843" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1489143" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0464/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3384/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75522" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042571" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-application-is-affected-by-nginx-vulnerabilities-cve-2018-16845-cve-2018-16843-cve-2019-7401/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16844" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-07T00:00:00", "db": "VULHUB", "id": "VHN-127245" }, { "date": "2018-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-16845" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "date": "2018-11-12T16:57:53", "db": "PACKETSTORM", "id": "150253" }, { "date": "2018-11-27T17:24:35", "db": "PACKETSTORM", "id": "150480" }, { "date": "2018-11-26T04:44:44", "db": "PACKETSTORM", "id": "150453" }, { "date": "2018-11-27T17:24:48", "db": "PACKETSTORM", "id": "150481" }, { "date": "2018-11-26T10:02:22", "db": "PACKETSTORM", "id": "150458" }, { "date": "2018-11-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-119" }, { "date": "2018-11-07T14:29:00.883000", "db": "NVD", "id": "CVE-2018-16845" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-127245" }, { "date": "2022-02-22T00:00:00", "db": "VULMON", "id": "CVE-2018-16845" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-119" }, { "date": "2022-02-22T19:27:12.373000", "db": "NVD", "id": "CVE-2018-16845" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-119" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Information Disclosure Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014189" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "memory leak", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-119" } ], "trust": 0.6 } }
var-201307-0482
Vulnerability from variot
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. Nginx is prone to a remote security vulnerability. Attackers can exploit this issue to a cause a denial-of-service condition or obtain sensitive information. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-04
http://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: October 06, 2013 Bugs: #458726, #468870 ID: 201310-04
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
References
[ 1 ] CVE-2013-0337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337 [ 2 ] CVE-2013-2028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028 [ 3 ] CVE-2013-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-2721-1 security@debian.org http://www.debian.org/security/ Nico Golde July 07, 2013 http://www.debian.org/security/faq
Package : nginx Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2013-2070 Debian Bug : 708164
A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used.
The oldstable distribution (squeeze), is not affected by this problem.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy1.
For the unstable distribution (sid), this problem has been fixed in version 1.4.1-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJR2ZOuAAoJEM1LKvOgoKqqTjsQAMKVFfBMx5Xu6XB6jXXM+2CL +m0TyjQp9oKTlTkZpE18fbQviCVk+A1jZZbHdEZlJnEdy0XvXvJpaN6DiNi10IVi kRQkMBtusXI7Bshh4Z/xWh6on9s//06mQzQzymnMQfcKDcg91Z159xPYi86mlxH5 dnf9/XirRwCokM5PI8duw1YJg2aMUpr5wYi14LVpC93ic5UoL3olwtbWcIAJy6VP auORGQLFTUCljpyEtZXku8mD168RnSubP6FZGRfar3JvywBX4MgK/+KnGXuZKZ6H MNDgVrb8hrkzQJQWvycZjhYUhurqSkR17VgJnwiyHxOxP9Sw6adWoH5aRGwoklhH 0d48CMlunJFvYtFEY8rQqiXBLAyZ09CnrEwgQa3hlugGWkRPVxnKmaghOwXZNXez o8RjCYEOdD2BppUc8RJZYz3UYq+WdVKv499HcgKGscol9aJ8XCYoq/G67697EaPF NUFaL3ApZ7rGiuUsx82FujIRs2rjuvQTe9Wiz2jRh0/BjuKarL/TG3r3SVD5/nDX 6j4ngF8eFDmf2ZfxQM1/Ug2ReO+gglnVZyYy4Kn/fxTTwFMLvznR+2lygAJQs/aM CsRN7KQhDdL1FgELvapLYyfcweeq41NJGwIvD7y3O7JKAlO44IO3XcvdAOHWLY2f 8xcpghy474tAclbQPQUi =4eCV -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0482", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.3.9" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.2.8" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.4.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.1.4 to 1.2.8" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.3.0 to 1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.1.11" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.4.4" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.3.9" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.3.1" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.3" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.2.1" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.2" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.1.17" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.10" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.9" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.8" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.1.19" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.15" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" } ], "sources": [ { "db": "BID", "id": "59824" }, { "db": "JVNDB", "id": "JVNDB-2013-003474" }, { "db": "NVD", "id": "CVE-2013-2070" }, { "db": "CNNVD", "id": "CNNVD-201305-235" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.2.8", "versionStartIncluding": "1.1.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.4.0", "versionStartIncluding": "1.3.9", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-2070" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "59824" } ], "trust": 0.3 }, "cve": "CVE-2013-2070", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2013-2070", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-62072", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-2070", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201305-235", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-62072", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-62072" }, { "db": "JVNDB", "id": "JVNDB-2013-003474" }, { "db": "NVD", "id": "CVE-2013-2070" }, { "db": "CNNVD", "id": "CNNVD-201305-235" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. Nginx is prone to a remote security vulnerability. \nAttackers can exploit this issue to a cause a denial-of-service condition or obtain sensitive information. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: October 06, 2013\n Bugs: #458726, #468870\n ID: 201310-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.4.1-r2 \u003e= 1.4.1-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could send a specially crafted request, possibly\nresulting in execution of arbitrary code with the privileges of the\nprocess, or a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-0337\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337\n[ 2 ] CVE-2013-2028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028\n[ 3 ] CVE-2013-2070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2721-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nJuly 07, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-2070\nDebian Bug : 708164\n\nA buffer overflow has been identified in nginx, a small, powerful,\nscalable web/proxy server, when processing certain chunked transfer\nencoding requests if proxy_pass to untrusted upstream HTTP servers is\nused. \n\nThe oldstable distribution (squeeze), is not affected by this problem. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.1-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niQIcBAEBCgAGBQJR2ZOuAAoJEM1LKvOgoKqqTjsQAMKVFfBMx5Xu6XB6jXXM+2CL\n+m0TyjQp9oKTlTkZpE18fbQviCVk+A1jZZbHdEZlJnEdy0XvXvJpaN6DiNi10IVi\nkRQkMBtusXI7Bshh4Z/xWh6on9s//06mQzQzymnMQfcKDcg91Z159xPYi86mlxH5\ndnf9/XirRwCokM5PI8duw1YJg2aMUpr5wYi14LVpC93ic5UoL3olwtbWcIAJy6VP\nauORGQLFTUCljpyEtZXku8mD168RnSubP6FZGRfar3JvywBX4MgK/+KnGXuZKZ6H\nMNDgVrb8hrkzQJQWvycZjhYUhurqSkR17VgJnwiyHxOxP9Sw6adWoH5aRGwoklhH\n0d48CMlunJFvYtFEY8rQqiXBLAyZ09CnrEwgQa3hlugGWkRPVxnKmaghOwXZNXez\no8RjCYEOdD2BppUc8RJZYz3UYq+WdVKv499HcgKGscol9aJ8XCYoq/G67697EaPF\nNUFaL3ApZ7rGiuUsx82FujIRs2rjuvQTe9Wiz2jRh0/BjuKarL/TG3r3SVD5/nDX\n6j4ngF8eFDmf2ZfxQM1/Ug2ReO+gglnVZyYy4Kn/fxTTwFMLvznR+2lygAJQs/aM\nCsRN7KQhDdL1FgELvapLYyfcweeq41NJGwIvD7y3O7JKAlO44IO3XcvdAOHWLY2f\n8xcpghy474tAclbQPQUi\n=4eCV\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2013-2070" }, { "db": "JVNDB", "id": "JVNDB-2013-003474" }, { "db": "BID", "id": "59824" }, { "db": "VULHUB", "id": "VHN-62072" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "122319" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-2070", "trust": 3.0 }, { "db": "BID", "id": "59824", "trust": 2.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2013/05/13/3", "trust": 1.7 }, { "db": "SECUNIA", "id": "55181", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2013-003474", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201305-235", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "122319", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-60786", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-62072", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123516", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-62072" }, { "db": "BID", "id": "59824" }, { "db": "JVNDB", "id": "JVNDB-2013-003474" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "122319" }, { "db": "NVD", "id": "CVE-2013-2070" }, { "db": "CNNVD", "id": "CNNVD-201305-235" } ] }, "id": "VAR-201307-0482", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-62072" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:49:41.913000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FEDORA-2013-8182", "trust": 0.8, "url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-may/105950.html" }, { "title": "GLSA 201310-04", "trust": 0.8, "url": "http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml" }, { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/ja/" }, { "title": "Bug 962525", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962525" }, { "title": "CVE-2013-2028", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" }, { "title": "Nginx Fixes for permissions and access control issues vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=134169" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003474" }, { "db": "CNNVD", "id": "CNNVD-201305-235" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-62072" }, { "db": "JVNDB", "id": "JVNDB-2013-003474" }, { "db": "NVD", "id": "CVE-2013-2070" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { "trust": 1.7, "url": "http://secunia.com/advisories/55181" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/59824" }, { "trust": 1.7, "url": "http://www.debian.org/security/2013/dsa-2721" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-may/105950.html" }, { "trust": 1.7, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html" }, { "trust": 1.7, "url": "http://seclists.org/oss-sec/2013/q2/291" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2013/05/13/3" }, { "trust": 1.7, "url": "http://nginx.org/download/patch.2013.proxy.txt" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962525" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84172" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2070" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2070" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2013/q2/315" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2070" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0337" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0337" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2028" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2070" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2028" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-62072" }, { "db": "BID", "id": "59824" }, { "db": "JVNDB", "id": "JVNDB-2013-003474" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "122319" }, { "db": "NVD", "id": "CVE-2013-2070" }, { "db": "CNNVD", "id": "CNNVD-201305-235" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-62072" }, { "db": "BID", "id": "59824" }, { "db": "JVNDB", "id": "JVNDB-2013-003474" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "122319" }, { "db": "NVD", "id": "CVE-2013-2070" }, { "db": "CNNVD", "id": "CNNVD-201305-235" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-07-20T00:00:00", "db": "VULHUB", "id": "VHN-62072" }, { "date": "2013-05-13T00:00:00", "db": "BID", "id": "59824" }, { "date": "2013-07-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003474" }, { "date": "2013-10-07T22:29:42", "db": "PACKETSTORM", "id": "123516" }, { "date": "2013-07-08T19:34:00", "db": "PACKETSTORM", "id": "122319" }, { "date": "2013-07-20T03:37:25.247000", "db": "NVD", "id": "CVE-2013-2070" }, { "date": "2013-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201305-235" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-62072" }, { "date": "2015-04-13T22:23:00", "db": "BID", "id": "59824" }, { "date": "2013-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003474" }, { "date": "2021-11-10T15:59:33.600000", "db": "NVD", "id": "CVE-2013-2070" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201305-235" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201305-235" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of http/modules/ngx_http_proxy_module.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003474" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201305-235" } ], "trust": 0.6 } }
var-201001-0319
Vulnerability from variot
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. The 'nginx' program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects nginx 0.7.64; other versions may also be affected. Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection
Name Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Systems Affected nginx 0.7.64 Varnish 2.0.6 Cherokee 0.99.30 mini_httpd 1.19 thttpd 2.25b0 WEBrick 1.3.1 Orion 2.0.7 AOLserver 4.5.1 Yaws 1.85 Boa 0.94.14rc21 Severity Medium Impact (CVSSv2) Medium 5/10, vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) Vendor http://www.nginx.net/ http://varnish.projects.linpro.no/ http://www.cherokee-project.com/ http://www.ruby-lang.org/ http://www.acme.com/software/thttpd/ http://www.acme.com/software/mini_httpd/ http://www.orionserver.com/ http://www.aolserver.com/ http://yaws.hyber.org/ http://www.boa.org/ Advisory http://www.ush.it/team/ush/hack_httpd_escape/adv.txt Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it) Alessandro "jekil" Tanasi (alessandro AT tanasi DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) Date 20100110
I. BACKGROUND
nginx is a HTTP and reverse proxy server written by Igor Sysoev. Varnish is a state-of-the-art, high-performance HTTP accelerator. Cherokee is a very fast, flexible and easy to configure Web Server. thttpd is a simple, small, portable, fast, and secure HTTP server. mini_httpd is a small HTTP server. WEBrick is a Ruby library providing simple HTTP web server services. Orion Application Server is a pure java application-server. AOLserver is America Online's Open-Source web server. Yaws is a HTTP high perfomance 1.1 webserver. Boa is a single-tasking HTTP server.
II. DESCRIPTION
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to logs escape sequence injection vulnerabilites.
Escape sequences are special characters sequences that are used to instruct the terminal to perform special operations like executing commands [4, 5] or dumping the buffer to a file [6, 7].
When the webserver is executed in foreground in a pty or when the logfiles are viewed with tools like "cat" or "tail" such control chars reach the terminal and are executed.
III. ANALYSIS
Summary:
A) "nginx" log escape sequence injection (Affected versions: 0.7.64 and probably earlier versions)
B) "Varnish" log escape sequence injection (Affected versions: 2.0.6 and probably earlier versions)
C) "Cherokee" log escape sequence injection (Affected versions: 0.99.30 and probably earlier versions)
D) "thttpd" log escape sequence injection (Affected versions: thttpd/2.25b and probably earlier versions)
E) "mini_httpd" log escape sequence injection (Affected versions: 1.19 and probably earlier versions)
F) "WEBrick" log escape sequence injection (Affected versions: 1.3.1 and probably earlier versions)
G) "Orion" log escape sequence injection (Affected versions: 2.0.7 and probably earlier versions)
H) "AOLserver" log escape sequence injection (Affected versions: 4.5.1 and probably earlier versions)
I) "Yaws" log escape sequence injection (Affected versions: 1.85 and probably earlier versions)
L) "Boa" log escape sequence injection (Affected versions: 0.94.14rc21 and probably earlier versions)
A) "nginx" log escape sequence injection
One of the following two Proofs Of Concept can be used in order to verify the vulnerability.
curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a
echo -en "GET /\x1b]2;owned?\x07\x0a\x0d\x0a\x0d" > payload nc localhost 80 < payload
B) "Varnish" log escape sequence injection
One of the following two Proofs Of Concept can be used in order to verify the vulnerability.
xterm varnishlog
echo -en "GET /\x1b]2;owned?\x07\x0a\x0d\x0a\x0d" > payload nc localhost 80 < payload
C) "Cherokee" log escape sequence injection
The following Proof Of Concept can be used in order to verify the vulnerability.
curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a
D) "thttpd" log escape sequence injection
The following Proof Of Concept can be used in order to verify the vulnerability.
echo -en "GET /\x1b]2;owned?\x07\x0a\x0d\x0a\x0d" > payload nc localhost 80 < payload
E) "mini_httpd" log escape sequence injection
One of the following two Proofs Of Concept can be used in order to verify the vulnerability.
curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a
echo -en "GET /\x1b]2;owned?\x07\x0a\x0d\x0a\x0d" > payload nc localhost 80 < payload
F) "WEBrick" log escape sequence injection
One of the following two Proofs Of Concept can be used in order to verify the vulnerability.
curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a
echo -en "GET /\x1b]2;owned?\x07\x0a\x0d\x0a\x0d" > payload nc localhost 80 < payload
G) "Orion" log escape sequence injection
One of the following two Proofs Of Concept can be used in order to verify the vulnerability.
curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a
echo -en "GET /\x1b]2;owned?\x07\x0a\x0d\x0a\x0d" > payload nc localhost 80 < payload
H) "AOLserver" log escape sequence injection
The following Proof Of Concept can be used in order to verify the vulnerability.
echo -en "GET /\x1b]2;owned?\x07\x0a\x0d\x0a\x0d" > payload nc localhost 80 < payload
I) "Yaws" log escape sequence injection
One of the following two Proofs Of Concept can be used in order to verify the vulnerability.
curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a
echo -en "GET /\x1b]2;owned?\x07\x0a\x0d\x0a\x0d" > payload nc localhost 80 < payload
L) "Boa" log escape sequence injection
The following Proof Of Concept can be used in order to verify the vulnerability.
curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a
IV. DETECTION
Services like Shodan (shodan.surtri.com) or Google can be used to get an approximate idea on the usage of the products.
Some examples: - http://shodan.surtri.com/?q=nginx - http://www.google.com/search?q="powered+by+Cherokee" - curl -kis http://www.antani.gov | grep -E "Server: Orion/2.0.8"
V. WORKAROUND
Cherokee and WEBrick (Ruby) released related security fixes and releases as detailed below.
Cherokee issued a public patch that resolved the issue but caused some issues (http://svn.cherokee-project.com/changeset/3944) and has been later replaced (http://svn.cherokee-project.com/changeset/3977) by a better fix that both resolve the issue and doesn't affect the normal webserver behavior. Use the second patch or a safe release like 0.99.34 or above. If you are using Cherokee 0.99.32 please note that your build uses the first patch.
Webrick (Ruby) sent us the following patch and issued a release that fixes the issues. Detailed informations are available at the following url:
http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection
The patch we reviewed is the following but please refer to the vendor's article for exact informations.
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--
Index: lib/webrick/httpstatus.rb
--- lib/webrick/httpstatus.rb (revision 26065) +++ lib/webrick/httpstatus.rb (working copy) @@ -13,5 +13,15 @@ module WEBrick module HTTPStatus
- class Status < StandardError; end
- class Status < StandardError
- def initialize(message, *rest)
- super(AccessLog.escape(message), *rest)
- end
- class << self
- attr_reader :code, :reason_phrase
- end
- def code() self::class::code end
- def reason_phrase() self::class::reason_phrase end
- alias to_i code
-
end class Info < Status; end class Success < Status; end @@ -69,4 +79,5 @@ module WEBrick
StatusMessage.each{|code, message| + message.freeze var_name = message.gsub(/[ -]/,'_').upcase err_name = message.gsub(/[ -]/,'') @@ -80,16 +91,10 @@ module WEBrick end
-
eval %-
- RC_#{var_name} = #{code}
- class #{err_name} < #{parent}
- def self.code() RC_#{var_name} end
- def self.reason_phrase() StatusMessage[code] end
- def code() self::class::code end
- def reason_phrase() self::class::reason_phrase end
- alias to_i code
- end
-
-
- CodeToError[code] = const_get(err_name)
- const_set("RC_#{var_name}", code)
- err_class = Class.new(parent)
- err_class.instance_variable_set(:@code, code)
- err_class.instance_variable_set(:@reason_phrase, message)
- const_set(err_name, err_class)
- CodeToError[code] = err_class }
Index: lib/webrick/httprequest.rb
--- lib/webrick/httprequest.rb (revision 26065) +++ lib/webrick/httprequest.rb (working copy) @@ -267,9 +267,5 @@ module WEBrick end end - begin - @header = HTTPUtils::parse_header(@raw_header.join) - rescue => ex - raise HTTPStatus::BadRequest, ex.message - end + @header = HTTPUtils::parse_header(@raw_header.join) end
Index: lib/webrick/httputils.rb
--- lib/webrick/httputils.rb (revision 26065) +++ lib/webrick/httputils.rb (working copy) @@ -130,9 +130,9 @@ module WEBrick value = $1 unless field - raise "bad header '#{line.inspect}'." + raise HTTPStatus::BadRequest, "bad header '#{line}'." end header[field][-1] << " " << value else - raise "bad header '#{line.inspect}'." + raise HTTPStatus::BadRequest, "bad header '#{line}'." end }
Index: lib/webrick/accesslog.rb
--- lib/webrick/accesslog.rb (revision 26065) +++ lib/webrick/accesslog.rb (working copy) @@ -54,5 +54,5 @@ module WEBrick raise AccessLogError, "parameter is required for \"#{spec}\"" unless param - params[spec][param] || "-" + param = params[spec][param] ? escape(param) : "-" when ?t params[spec].strftime(param || CLF_TIME_FORMAT) @@ -60,8 +60,16 @@ module WEBrick "%" else - params[spec] + escape(params[spec].to_s) end } end + + def escape(data) + if data.tainted? + data.gsub(/[[:cntrl:]\]+/) {$&.dump[1...-1]}.untaint + else + data + end + end end end
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--
VI. VENDOR RESPONSE
We contacted the vendors of eleven affected webservers, counting the previous advisory [1] for Jetty. Three fixed the issue (Cherokee, WEBrick/Ruby and Jetty), one will not fix the issue (Varnish) and one acknowledged the issue (AOLserver).
Nginx NO-RESPONSE Cherokee FIXED thttpd NO-RESPONSE mini-httpd NO-RESPONSE WEBrick FIXED Orion NO-RESPONSE AOLserver ACK Yaws NO-RESPONSE Boa NO-RESPONSE Varnish WONT-FIX
The response was overall good and it was nice to work with them, in particular we want to thank Cherokee's staff, Ruby's staff, Raphael Geissert (Debian) and Steven M. Christey (Mitre) for the support.
Poul-Henning Kamp (Varnish) replied to our contact email with the following email that we quote as-is.
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--
The official Varnish response, which I ask that you include in its entirety in your advisory, if you list Varnish as "vulnerable" in it:
This is not a security problem in Varnish or any other piece of software which writes a logfile.
The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely.
This is not a new issue. I first remember the issue with xterm(1)'s inadvisably implemented escape-sequences in a root-context, brought up heatedly, in 1988, possibly late 1987, at Copenhagens University Computer Science dept. (Diku.dk). Since then, nothing much have changed.
The wisdom of terminal-response-escapes in general have been questioned at regular intervals, but still none of the major terminal emulation programs have seen fit to discard these sequences, probably in a misguided attempt at compatibility with no longer used 1970'es technology.
I admit that listing "found a security hole in all HTTP-related programs that write logfiles" will look more impressive on a resume, but I think it is misguided and a sign of trophy-hunting having overtaken common sense.
Instead of blaming any and all programs which writes logfiles, it would be much more productive, from a security point of view, to get the terminal emulation programs to stop doing stupid things, and thus fix this and other security problems once and for all.
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--
We would like to punctuate the following facts:
1) We totally agree that the root of the problem is an unwise design in the terminal emulators. If in 70' controls were sent out of band on a secondary channel we would not have the equivalent of Blue Boxing in the terminal.
This is a known issue from years. We didn't invented this attack vector and never claimed so. We don't think that design changes will happen in the short or mid term so it's better to have a proactive approach and sanitize outputs where functionalities are likely to not be affected at all like in this case.
Security in complex systems requires some sinergy.
2) Varnish is the only program that doesn't need a "cat" program as logs are stored in memory and displayed using the "varnishlog" utility.
2) Apache fixed a similiar bug (CVE-2003-0020), "Low: Error log escape filtering", in 2004 (six years ago). The bug was affecting Apache up to 1.3.29 [8] or 2.0.48 [9] depending on the branch.
Take you conclusion, criticize if you want. In the meantime things are a little safer.
VII. CVE INFORMATION
CVE-2009-4487 nginx 0.7.64 CVE-2009-4488 Varnish 2.0.6 CVE-2009-4489 Cherokee 0.99.30 CVE-2009-4490 mini_httpd 1.19 CVE-2009-4491 thttpd 2.25b0 CVE-2009-4492 WEBrick 1.3.1 CVE-2009-4493 Orion 2.0.7 CVE-2009-4494 AOLserver 4.5.1 CVE-2009-4495 Yaws 1.85 CVE-2009-4496 Boa 0.94.14rc21
VIII. DISCLOSURE TIMELINE
20091117 Bug discovered 20091208 First vendor contact 20091209 Cherokee team confirms vulnerability (Alvaro Lopez Ortega) 20091209 Alvaro Lopez Ortega commits Cherokee patch 20091210 Ruby team confirms vulnerability (Shugo Maeda) 20091211 Shugo Maeda sends us webrick patch for evaulation 20091211 AOLserver confirms vulnerability (Jim Davidson) 20091221 Contacted Raphael Geissert (Debian Security) 20091223 Contacted Steven M. Christey (mitre.org) 20091230 Raphael Geissert forwards to Redhat, Debian, Ubuntu and Mitre 20091230 CVEs assigned by Steven M. Christey 20100105 Poul-Henning (Varnish) Kamp said WONT-FIX 20100105 Ruby team is ready for commit (Urabe Shyouhei) 20100106 Second vendor contact 20100110 Advisory release
IX. REFERENCES
[1] Jetty 6.x and 7.x Multiple Vulnerabilities http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt [2] Apache does not filter terminal escape sequences from error logs http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020 [3] Apache does not filter terminal escape sequences from access logs http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083 [4] Debian GNU/Linux XTERM (DECRQSS/comments) Weakness Vulnerability http://www.milw0rm.com/exploits/7681 [5] Terminal Emulator Security Issues http://marc.info/?l=bugtraq&m=104612710031920&w=2 [6] Eterm Screen Dump Escape Sequence Local File Corruption Vulnerability http://www.securityfocus.com/bid/6936/discuss [7] RXVT Screen Dump Escape Sequence Local File Corruption Vulnerability http://www.securityfocus.com/bid/6938/discuss [8] Apache httpd 1.3 vulnerabilities http://httpd.apache.org/security/vulnerabilities_13.html [9] Apache httpd 2.2 vulnerabilities http://httpd.apache.org/security/vulnerabilities_22.html
X. CREDIT
Giovanni "evilaliv3" Pellerano, Alessandro "jekil" Tanasi and Francesco "ascii" Ongaro are credited with the discovery of this vulnerability.
Giovanni "evilaliv3" Pellerano web site: http://www.ush.it/, http://www.evilaliv3.org/ mail: evilaliv3 AT ush DOT it
Alessandro "jekil" Tanasi web site: http://www.tanasi.it/ mail: alessandro AT tanasi DOT it
Francesco "ascii" Ongaro web site: http://www.ush.it/ mail: ascii AT ush DOT it
X. LEGAL NOTICES
Copyright (c) 2009 Francesco "ascii" Ongaro
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without mine express written consent. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email me for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201001-0319", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "eq", "trust": 1.4, "vendor": "igor sysoev", "version": "0.7.64" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.64" }, { "model": "khasilev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.64" } ], "sources": [ { "db": "BID", "id": "37711" }, { "db": "JVNDB", "id": "JVNDB-2010-004324" }, { "db": "NVD", "id": "CVE-2009-4487" }, { "db": "CNNVD", "id": "CNNVD-201001-094" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-4487" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alessandro \u0027jekil\u0027 Tanasi,Giovanni \u0027evilaliv3\u0027 Pellerano, and Francesco \u0027ascii\u0027 Ongaro", "sources": [ { "db": "CNNVD", "id": "CNNVD-201001-094" } ], "trust": 0.6 }, "cve": "CVE-2009-4487", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-4487", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-41933", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-4487", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201001-094", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-41933", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-41933" }, { "db": "JVNDB", "id": "JVNDB-2010-004324" }, { "db": "NVD", "id": "CVE-2009-4487" }, { "db": "CNNVD", "id": "CNNVD-201001-094" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. The \u0027nginx\u0027 program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. \nAttackers can exploit this issue to execute arbitrary commands in a terminal. \nThis issue affects nginx 0.7.64; other versions may also be affected. Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver,\nYaws and Boa log escape sequence injection\n\n Name Nginx, Varnish, Cherokee, thttpd, mini-httpd,\n WEBrick, Orion, AOLserver, Yaws and Boa log escape\n sequence injection\n Systems Affected nginx 0.7.64\n Varnish 2.0.6\n Cherokee 0.99.30\n mini_httpd 1.19\n thttpd 2.25b0\n WEBrick 1.3.1\n Orion 2.0.7\n AOLserver 4.5.1\n Yaws 1.85\n Boa 0.94.14rc21\n Severity Medium\n Impact (CVSSv2) Medium 5/10, vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n Vendor http://www.nginx.net/\n http://varnish.projects.linpro.no/\n http://www.cherokee-project.com/\n http://www.ruby-lang.org/\n http://www.acme.com/software/thttpd/\n http://www.acme.com/software/mini_httpd/\n http://www.orionserver.com/\n http://www.aolserver.com/\n http://yaws.hyber.org/\n http://www.boa.org/\n Advisory http://www.ush.it/team/ush/hack_httpd_escape/adv.txt\n Authors Giovanni \"evilaliv3\" Pellerano (evilaliv3 AT ush DOT it)\n Alessandro \"jekil\" Tanasi (alessandro AT tanasi DOT it)\n Francesco \"ascii\" Ongaro (ascii AT ush DOT it)\n Date 20100110\n\nI. BACKGROUND\n\nnginx is a HTTP and reverse proxy server written by Igor Sysoev. \nVarnish is a state-of-the-art, high-performance HTTP accelerator. \nCherokee is a very fast, flexible and easy to configure Web Server. \nthttpd is a simple, small, portable, fast, and secure HTTP server. \nmini_httpd is a small HTTP server. \nWEBrick is a Ruby library providing simple HTTP web server services. \nOrion Application Server is a pure java application-server. \nAOLserver is America Online\u0027s Open-Source web server. \nYaws is a HTTP high perfomance 1.1 webserver. \nBoa is a single-tasking HTTP server. \n\nII. DESCRIPTION\n\nNginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver,\nYaws and Boa are subject to logs escape sequence injection\nvulnerabilites. \n\nEscape sequences are special characters sequences that are used to\ninstruct the terminal to perform special operations like executing\ncommands [4, 5] or dumping the buffer to a file [6, 7]. \n\nWhen the webserver is executed in foreground in a pty or when the\nlogfiles are viewed with tools like \"cat\" or \"tail\" such control chars\nreach the terminal and are executed. \n\nIII. ANALYSIS\n\nSummary:\n\n A) \"nginx\" log escape sequence injection\n (Affected versions: 0.7.64 and probably earlier versions)\n\n B) \"Varnish\" log escape sequence injection\n (Affected versions: 2.0.6 and probably earlier versions)\n\n C) \"Cherokee\" log escape sequence injection\n (Affected versions: 0.99.30 and probably earlier versions)\n\n D) \"thttpd\" log escape sequence injection\n (Affected versions: thttpd/2.25b and probably earlier versions)\n\n E) \"mini_httpd\" log escape sequence injection\n (Affected versions: 1.19 and probably earlier versions)\n\n F) \"WEBrick\" log escape sequence injection\n (Affected versions: 1.3.1 and probably earlier versions)\n\n G) \"Orion\" log escape sequence injection\n (Affected versions: 2.0.7 and probably earlier versions)\n\n H) \"AOLserver\" log escape sequence injection\n (Affected versions: 4.5.1 and probably earlier versions)\n\n I) \"Yaws\" log escape sequence injection\n (Affected versions: 1.85 and probably earlier versions)\n\n L) \"Boa\" log escape sequence injection\n (Affected versions: 0.94.14rc21 and probably earlier versions)\n\nA) \"nginx\" log escape sequence injection\n\nOne of the following two Proofs Of Concept can be used in order to\nverify the vulnerability. \n\ncurl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a\n\necho -en \"GET /\\x1b]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d\" \u003e payload\nnc localhost 80 \u003c payload\n\nB) \"Varnish\" log escape sequence injection\n\nOne of the following two Proofs Of Concept can be used in order to\nverify the vulnerability. \n\nxterm varnishlog\n\necho -en \"GET /\\x1b]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d\" \u003e payload\nnc localhost 80 \u003c payload\n\nC) \"Cherokee\" log escape sequence injection\n\nThe following Proof Of Concept can be used in order to verify the\nvulnerability. \n\ncurl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a\n\nD) \"thttpd\" log escape sequence injection\n\nThe following Proof Of Concept can be used in order to verify the\nvulnerability. \n\necho -en \"GET /\\x1b]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d\" \u003e payload\nnc localhost 80 \u003c payload\n\nE) \"mini_httpd\" log escape sequence injection\n\nOne of the following two Proofs Of Concept can be used in order to\nverify the vulnerability. \n\ncurl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a\n\necho -en \"GET /\\x1b]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d\" \u003e payload\nnc localhost 80 \u003c payload\n\nF) \"WEBrick\" log escape sequence injection\n\nOne of the following two Proofs Of Concept can be used in order to\nverify the vulnerability. \n\ncurl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a\n\necho -en \"GET /\\x1b]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d\" \u003e payload\nnc localhost 80 \u003c payload\n\nG) \"Orion\" log escape sequence injection\n\nOne of the following two Proofs Of Concept can be used in order to\nverify the vulnerability. \n\ncurl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a\n\necho -en \"GET /\\x1b]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d\" \u003e payload\nnc localhost 80 \u003c payload\n\nH) \"AOLserver\" log escape sequence injection\n\nThe following Proof Of Concept can be used in order to verify the\nvulnerability. \n\necho -en \"GET /\\x1b]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d\" \u003e payload\nnc localhost 80 \u003c payload\n\nI) \"Yaws\" log escape sequence injection\n\nOne of the following two Proofs Of Concept can be used in order to\nverify the vulnerability. \n\ncurl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a\n\necho -en \"GET /\\x1b]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d\" \u003e payload\nnc localhost 80 \u003c payload\n\nL) \"Boa\" log escape sequence injection\n\nThe following Proof Of Concept can be used in order to verify the\nvulnerability. \n\ncurl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a\n\nIV. DETECTION\n\nServices like Shodan (shodan.surtri.com) or Google can be used to get an\napproximate idea on the usage of the products. \n\nSome examples:\n - http://shodan.surtri.com/?q=nginx\n - http://www.google.com/search?q=\"powered+by+Cherokee\"\n - curl -kis http://www.antani.gov | grep -E \"Server: Orion/2.0.8\"\n\nV. WORKAROUND\n\nCherokee and WEBrick (Ruby) released related security fixes and releases\nas detailed below. \n\nCherokee issued a public patch that resolved the issue but caused some\nissues (http://svn.cherokee-project.com/changeset/3944) and has been\nlater replaced (http://svn.cherokee-project.com/changeset/3977) by a\nbetter fix that both resolve the issue and doesn\u0027t affect the normal\nwebserver behavior. Use the second patch or a safe release like 0.99.34\nor above. If you are using Cherokee 0.99.32 please note that your build\nuses the first patch. \n\nWebrick (Ruby) sent us the following patch and issued a release\nthat fixes the issues. Detailed informations are available at the\nfollowing url:\n\nhttp://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection\n\nThe patch we reviewed is the following but please refer to the vendor\u0027s\narticle for exact informations. \n\n--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--\n\nIndex: lib/webrick/httpstatus.rb\n===================================================================\n--- lib/webrick/httpstatus.rb\t(revision 26065)\n+++ lib/webrick/httpstatus.rb\t(working copy)\n@@ -13,5 +13,15 @@ module WEBrick\n module HTTPStatus\n\n- class Status \u003c StandardError; end\n+ class Status \u003c StandardError\n+ def initialize(message, *rest)\n+ super(AccessLog.escape(message), *rest)\n+ end\n+ class \u003c\u003c self\n+ attr_reader :code, :reason_phrase\n+ end\n+ def code() self::class::code end\n+ def reason_phrase() self::class::reason_phrase end\n+ alias to_i code\n+ end\n class Info \u003c Status; end\n class Success \u003c Status; end\n@@ -69,4 +79,5 @@ module WEBrick\n\n StatusMessage.each{|code, message|\n+ message.freeze\n var_name = message.gsub(/[ \\-]/,\u0027_\u0027).upcase\n err_name = message.gsub(/[ \\-]/,\u0027\u0027)\n@@ -80,16 +91,10 @@ module WEBrick\n end\n\n- eval %-\n- RC_#{var_name} = #{code}\n- class #{err_name} \u003c #{parent}\n- def self.code() RC_#{var_name} end\n- def self.reason_phrase() StatusMessage[code] end\n- def code() self::class::code end\n- def reason_phrase() self::class::reason_phrase end\n- alias to_i code\n- end\n- -\n-\n- CodeToError[code] = const_get(err_name)\n+ const_set(\"RC_#{var_name}\", code)\n+ err_class = Class.new(parent)\n+ err_class.instance_variable_set(:@code, code)\n+ err_class.instance_variable_set(:@reason_phrase, message)\n+ const_set(err_name, err_class)\n+ CodeToError[code] = err_class\n }\n\nIndex: lib/webrick/httprequest.rb\n===================================================================\n--- lib/webrick/httprequest.rb\t(revision 26065)\n+++ lib/webrick/httprequest.rb\t(working copy)\n@@ -267,9 +267,5 @@ module WEBrick\n end\n end\n- begin\n- @header = HTTPUtils::parse_header(@raw_header.join)\n- rescue =\u003e ex\n- raise HTTPStatus::BadRequest, ex.message\n- end\n+ @header = HTTPUtils::parse_header(@raw_header.join)\n end\n\nIndex: lib/webrick/httputils.rb\n===================================================================\n--- lib/webrick/httputils.rb\t(revision 26065)\n+++ lib/webrick/httputils.rb\t(working copy)\n@@ -130,9 +130,9 @@ module WEBrick\n value = $1\n unless field\n- raise \"bad header \u0027#{line.inspect}\u0027.\"\n+ raise HTTPStatus::BadRequest, \"bad header \u0027#{line}\u0027.\"\n end\n header[field][-1] \u003c\u003c \" \" \u003c\u003c value\n else\n- raise \"bad header \u0027#{line.inspect}\u0027.\"\n+ raise HTTPStatus::BadRequest, \"bad header \u0027#{line}\u0027.\"\n end\n }\n\nIndex: lib/webrick/accesslog.rb\n===================================================================\n--- lib/webrick/accesslog.rb\t(revision 26065)\n+++ lib/webrick/accesslog.rb\t(working copy)\n@@ -54,5 +54,5 @@ module WEBrick\n raise AccessLogError,\n \"parameter is required for \\\"#{spec}\\\"\" unless param\n- params[spec][param] || \"-\"\n+ param = params[spec][param] ? escape(param) : \"-\"\n when ?t\n params[spec].strftime(param || CLF_TIME_FORMAT)\n@@ -60,8 +60,16 @@ module WEBrick\n \"%\"\n else\n- params[spec]\n+ escape(params[spec].to_s)\n end\n }\n end\n+\n+ def escape(data)\n+ if data.tainted?\n+ data.gsub(/[[:cntrl:]\\\\]+/) {$\u0026.dump[1...-1]}.untaint\n+ else\n+ data\n+ end\n+ end\n end\n end\n\n--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--\n\nVI. VENDOR RESPONSE\n\nWe contacted the vendors of eleven affected webservers, counting the\nprevious advisory [1] for Jetty. Three fixed the issue (Cherokee,\nWEBrick/Ruby and Jetty), one will not fix the issue (Varnish) and one\nacknowledged the issue (AOLserver). \n\nNginx NO-RESPONSE\nCherokee FIXED\nthttpd NO-RESPONSE\nmini-httpd NO-RESPONSE\nWEBrick FIXED\nOrion NO-RESPONSE\nAOLserver ACK\nYaws NO-RESPONSE\nBoa NO-RESPONSE\nVarnish WONT-FIX\n\nThe response was overall good and it was nice to work with them, in\nparticular we want to thank Cherokee\u0027s staff, Ruby\u0027s staff, Raphael\nGeissert (Debian) and Steven M. Christey (Mitre) for the support. \n\nPoul-Henning Kamp (Varnish) replied to our contact email with the\nfollowing email that we quote as-is. \n\n--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--\n\nThe official Varnish response, which I ask that you include in its\nentirety in your advisory, if you list Varnish as \"vulnerable\" in it:\n\nThis is not a security problem in Varnish or any other piece of software\nwhich writes a logfile. \n\nThe real problem is the mistaken belief that you can cat(1) a random\nlogfile to your terminal safely. \n\nThis is not a new issue. I first remember the issue with xterm(1)\u0027s\ninadvisably implemented escape-sequences in a root-context, brought up\nheatedly, in 1988, possibly late 1987, at Copenhagens University\nComputer Science dept. (Diku.dk). Since then, nothing much have changed. \n\nThe wisdom of terminal-response-escapes in general have been questioned\nat regular intervals, but still none of the major terminal emulation\nprograms have seen fit to discard these sequences, probably in a\nmisguided attempt at compatibility with no longer used 1970\u0027es\ntechnology. \n\nI admit that listing \"found a security hole in all HTTP-related programs\nthat write logfiles\" will look more impressive on a resume, but I think\nit is misguided and a sign of trophy-hunting having overtaken common\nsense. \n\nInstead of blaming any and all programs which writes logfiles, it would\nbe much more productive, from a security point of view, to get the\nterminal emulation programs to stop doing stupid things, and thus fix\nthis and other security problems once and for all. \n\n--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--8\u003c--\n\nWe would like to punctuate the following facts:\n\n1) We totally agree that the root of the problem is an unwise design in\nthe terminal emulators. If in 70\u0027 controls were sent out of band on a\nsecondary channel we would not have the equivalent of Blue Boxing in the\nterminal. \n\nThis is a known issue from years. We didn\u0027t invented this attack vector\nand never claimed so. We don\u0027t think that design changes will happen in\nthe short or mid term so it\u0027s better to have a proactive approach and\nsanitize outputs where functionalities are likely to not be affected at\nall like in this case. \n\nSecurity in complex systems requires some sinergy. \n\n2) Varnish is the only program that doesn\u0027t need a \"cat\" program as logs\nare stored in memory and displayed using the \"varnishlog\" utility. \n\n2) Apache fixed a similiar bug (CVE-2003-0020), \"Low: Error log escape\nfiltering\", in 2004 (six years ago). The bug was affecting Apache up\nto 1.3.29 [8] or 2.0.48 [9] depending on the branch. \n\nTake you conclusion, criticize if you want. In the meantime things are a\nlittle safer. \n\nVII. CVE INFORMATION\n\nCVE-2009-4487 nginx 0.7.64\nCVE-2009-4488 Varnish 2.0.6\nCVE-2009-4489 Cherokee 0.99.30\nCVE-2009-4490 mini_httpd 1.19\nCVE-2009-4491 thttpd 2.25b0\nCVE-2009-4492 WEBrick 1.3.1\nCVE-2009-4493 Orion 2.0.7\nCVE-2009-4494 AOLserver 4.5.1\nCVE-2009-4495 Yaws 1.85\nCVE-2009-4496 Boa 0.94.14rc21\n\nVIII. DISCLOSURE TIMELINE\n\n20091117 Bug discovered\n20091208 First vendor contact\n20091209 Cherokee team confirms vulnerability (Alvaro Lopez Ortega)\n20091209 Alvaro Lopez Ortega commits Cherokee patch\n20091210 Ruby team confirms vulnerability (Shugo Maeda)\n20091211 Shugo Maeda sends us webrick patch for evaulation\n20091211 AOLserver confirms vulnerability (Jim Davidson)\n20091221 Contacted Raphael Geissert (Debian Security)\n20091223 Contacted Steven M. Christey (mitre.org)\n20091230 Raphael Geissert forwards to Redhat, Debian, Ubuntu and Mitre\n20091230 CVEs assigned by Steven M. Christey\n20100105 Poul-Henning (Varnish) Kamp said WONT-FIX\n20100105 Ruby team is ready for commit (Urabe Shyouhei)\n20100106 Second vendor contact\n20100110 Advisory release\n\nIX. REFERENCES\n\n[1] Jetty 6.x and 7.x Multiple Vulnerabilities\n http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt\n[2] Apache does not filter terminal escape sequences from error logs\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020\n[3] Apache does not filter terminal escape sequences from access logs\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083\n[4] Debian GNU/Linux XTERM (DECRQSS/comments) Weakness Vulnerability\n http://www.milw0rm.com/exploits/7681\n[5] Terminal Emulator Security Issues\n http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2\n[6] Eterm Screen Dump Escape Sequence Local File Corruption Vulnerability\n http://www.securityfocus.com/bid/6936/discuss\n[7] RXVT Screen Dump Escape Sequence Local File Corruption Vulnerability\n http://www.securityfocus.com/bid/6938/discuss\n[8] Apache httpd 1.3 vulnerabilities\n http://httpd.apache.org/security/vulnerabilities_13.html\n[9] Apache httpd 2.2 vulnerabilities\n http://httpd.apache.org/security/vulnerabilities_22.html\n\nX. CREDIT\n\nGiovanni \"evilaliv3\" Pellerano, Alessandro \"jekil\" Tanasi and\nFrancesco \"ascii\" Ongaro are credited with the discovery of this\nvulnerability. \n\nGiovanni \"evilaliv3\" Pellerano\nweb site: http://www.ush.it/, http://www.evilaliv3.org/\nmail: evilaliv3 AT ush DOT it\n\nAlessandro \"jekil\" Tanasi\nweb site: http://www.tanasi.it/\nmail: alessandro AT tanasi DOT it\n\nFrancesco \"ascii\" Ongaro\nweb site: http://www.ush.it/\nmail: ascii AT ush DOT it\n\nX. LEGAL NOTICES\n\nCopyright (c) 2009 Francesco \"ascii\" Ongaro\n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without mine express\nwritten consent. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease email me for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information", "sources": [ { "db": "NVD", "id": "CVE-2009-4487" }, { "db": "JVNDB", "id": "JVNDB-2010-004324" }, { "db": "BID", "id": "37711" }, { "db": "VULHUB", "id": "VHN-41933" }, { "db": "PACKETSTORM", "id": "85018" } ], "trust": 2.07 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-41933", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41933" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-4487", "trust": 2.9 }, { "db": "BID", "id": "37711", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2010-004324", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201001-094", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "85018", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "33490", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-88037", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-86709", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-41933", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "7681", "trust": 0.1 }, { "db": "BID", "id": "6936", "trust": 0.1 }, { "db": "BID", "id": "6938", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41933" }, { "db": "BID", "id": "37711" }, { "db": "JVNDB", "id": "JVNDB-2010-004324" }, { "db": "PACKETSTORM", "id": "85018" }, { "db": "NVD", "id": "CVE-2009-4487" }, { "db": "CNNVD", "id": "CNNVD-201001-094" } ] }, "id": "VAR-201001-0319", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-41933" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:04:26.326000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "nginx news", "trust": 0.8, "url": "http://nginx.org/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-004324" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41933" }, { "db": "JVNDB", "id": "JVNDB-2010-004324" }, { "db": "NVD", "id": "CVE-2009-4487" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/37711" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" }, { "trust": 1.2, "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4487" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4487" }, { "trust": 0.6, "url": "httpd_escape/adv.txt" }, { "trust": 0.6, "url": "http://www.ush.it/team/ush/hack_" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "/archive/1/508830" }, { "trust": 0.1, "url": "http://www.securityfocus.com/bid/6936/discuss" }, { "trust": 0.1, "url": "http://www.tanasi.it/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4495" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4487" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4494" }, { "trust": 0.1, "url": "http://www.cherokee-project.com/" }, { "trust": 0.1, "url": "http://www.aolserver.com/" }, { "trust": 0.1, "url": "http://www.ush.it/" }, { "trust": 0.1, "url": "http://www.boa.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4488" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0083" }, { "trust": 0.1, "url": "http://www.nginx.net/" }, { "trust": 0.1, "url": "http://www.ruby-lang.org/" }, { "trust": 0.1, "url": "http://www.google.com/search?q=\"powered+by+cherokee\"" }, { "trust": 0.1, "url": "http://www.milw0rm.com/exploits/7681" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4492" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0020" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4489" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4490" }, { "trust": 0.1, "url": "http://www.acme.com/software/mini_httpd/" }, { "trust": 0.1, "url": "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection" }, { "trust": 0.1, "url": "http://httpd.apache.org/security/vulnerabilities_13.html" }, { "trust": 0.1, "url": "http://www.securityfocus.com/bid/6938/discuss" }, { "trust": 0.1, "url": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt" }, { "trust": 0.1, "url": "http://shodan.surtri.com/?q=nginx" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4496" }, { "trust": 0.1, "url": "http://varnish.projects.linpro.no/" }, { "trust": 0.1, "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.1, "url": "http://svn.cherokee-project.com/changeset/3977)" }, { "trust": 0.1, "url": "http://www.ush.it/," }, { "trust": 0.1, "url": "http://www.evilaliv3.org/" }, { "trust": 0.1, "url": "http://yaws.hyber.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4493" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4491" }, { "trust": 0.1, "url": "http://svn.cherokee-project.com/changeset/3944)" }, { "trust": 0.1, "url": "http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a" }, { "trust": 0.1, "url": "http://www.acme.com/software/thttpd/" }, { "trust": 0.1, "url": "http://www.antani.gov" }, { "trust": 0.1, "url": "http://www.orionserver.com/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41933" }, { "db": "BID", "id": "37711" }, { "db": "JVNDB", "id": "JVNDB-2010-004324" }, { "db": "PACKETSTORM", "id": "85018" }, { "db": "NVD", "id": "CVE-2009-4487" }, { "db": "CNNVD", "id": "CNNVD-201001-094" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-41933" }, { "db": "BID", "id": "37711" }, { "db": "JVNDB", "id": "JVNDB-2010-004324" }, { "db": "PACKETSTORM", "id": "85018" }, { "db": "NVD", "id": "CVE-2009-4487" }, { "db": "CNNVD", "id": "CNNVD-201001-094" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-01-13T00:00:00", "db": "VULHUB", "id": "VHN-41933" }, { "date": "2010-01-11T00:00:00", "db": "BID", "id": "37711" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-004324" }, { "date": "2010-01-11T22:57:19", "db": "PACKETSTORM", "id": "85018" }, { "date": "2010-01-13T20:30:00.357000", "db": "NVD", "id": "CVE-2009-4487" }, { "date": "2010-01-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201001-094" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-41933" }, { "date": "2010-01-11T00:00:00", "db": "BID", "id": "37711" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-004324" }, { "date": "2021-11-10T15:51:21.787000", "db": "NVD", "id": "CVE-2009-4487" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201001-094" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201001-094" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerabilities in file overwriting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-004324" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "37711" }, { "db": "CNNVD", "id": "CNNVD-201001-094" } ], "trust": 0.9 } }
var-201911-1778
Vulnerability from variot
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM). nginx is prone to a security vulnerability that allows attackers to perform man-in-the-middle attacks. Remote attackers can exploit this issue to gain access to sensitive information; other attacks are also possible. NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server of the American NGINX company
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1778", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.65" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.61" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.2.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.62" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.66" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.64" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.36" }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "nginx", "scope": null, "trust": 0.8, "vendor": "igor sysoev", "version": null }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.40" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.36" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.35" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.33" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.66" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.65" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.64" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.62" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" } ], "sources": [ { "db": "BID", "id": "57139" }, { "db": "JVNDB", "id": "JVNDB-2011-005520" }, { "db": "NVD", "id": "CVE-2011-4968" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4968" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "waloeiii.myopenid.com", "sources": [ { "db": "BID", "id": "57139" }, { "db": "CNNVD", "id": "CNNVD-201301-039" } ], "trust": 0.9 }, "cve": "CVE-2011-4968", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2011-4968", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-52913", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.2, "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.8, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2011-4968", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2011-4968", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201301-039", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-52913", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-52913" }, { "db": "JVNDB", "id": "JVNDB-2011-005520" }, { "db": "NVD", "id": "CVE-2011-4968" }, { "db": "CNNVD", "id": "CNNVD-201301-039" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM). nginx is prone to a security vulnerability that allows attackers to perform man-in-the-middle attacks. \nRemote attackers can exploit this issue to gain access to sensitive information; other attacks are also possible. NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server of the American NGINX company", "sources": [ { "db": "NVD", "id": "CVE-2011-4968" }, { "db": "JVNDB", "id": "JVNDB-2011-005520" }, { "db": "BID", "id": "57139" }, { "db": "VULHUB", "id": "VHN-52913" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4968", "trust": 2.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2013/01/03/8", "trust": 2.5 }, { "db": "BID", "id": "57139", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2011-005520", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201301-039", "trust": 0.7 }, { "db": "SEEBUG", "id": "SSVID-60559", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-52913", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-52913" }, { "db": "BID", "id": "57139" }, { "db": "JVNDB", "id": "JVNDB-2011-005520" }, { "db": "NVD", "id": "CVE-2011-4968" }, { "db": "CNNVD", "id": "CNNVD-201301-039" } ] }, "id": "VAR-201911-1778", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-52913" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:01:57.786000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/" }, { "title": "CVE-2011-4968", "trust": 0.8, "url": "https://security-tracker.debian.org/tracker/cve-2011-4968" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-005520" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-52913" }, { "db": "JVNDB", "id": "JVNDB-2011-005520" }, { "db": "NVD", "id": "CVE-2011-4968" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.openwall.com/lists/oss-security/2013/01/03/8" }, { "trust": 2.5, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2011-4968" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/57139" }, { "trust": 1.7, "url": "https://access.redhat.com/security/cve/cve-2011-4968" }, { "trust": 1.7, "url": "https://bugzilla.suse.com/show_bug.cgi?id=cve-2011-4968" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80952" }, { "trust": 1.7, "url": "https://security-tracker.debian.org/tracker/cve-2011-4968" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4968" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4968" } ], "sources": [ { "db": "VULHUB", "id": "VHN-52913" }, { "db": "JVNDB", "id": "JVNDB-2011-005520" }, { "db": "NVD", "id": "CVE-2011-4968" }, { "db": "CNNVD", "id": "CNNVD-201301-039" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-52913" }, { "db": "BID", "id": "57139" }, { "db": "JVNDB", "id": "JVNDB-2011-005520" }, { "db": "NVD", "id": "CVE-2011-4968" }, { "db": "CNNVD", "id": "CNNVD-201301-039" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-19T00:00:00", "db": "VULHUB", "id": "VHN-52913" }, { "date": "2013-01-03T00:00:00", "db": "BID", "id": "57139" }, { "date": "2019-12-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-005520" }, { "date": "2019-11-19T16:15:11.070000", "db": "NVD", "id": "CVE-2011-4968" }, { "date": "2013-01-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-039" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-52913" }, { "date": "2013-01-03T00:00:00", "db": "BID", "id": "57139" }, { "date": "2019-12-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-005520" }, { "date": "2021-11-10T15:57:02.177000", "db": "NVD", "id": "CVE-2011-4968" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-039" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-039" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx http proxy Module input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-005520" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-039" } ], "trust": 0.6 } }
var-201112-0347
Vulnerability from variot
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. nginx is prone to a remote heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to nginx 1.0.10 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.14 >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: nginx DNS Response Handling Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46798
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46798/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46798
RELEASE DATE: 2011-11-17
DISCUSS ADVISORY: http://secunia.com/advisories/46798/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46798/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46798
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in nginx, which can be exploited by malicious people to potentially compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code but requires that the custom DNS resolver is enabled (disabled by default).
SOLUTION: Update to version 1.0.10.
PROVIDED AND/OR DISCOVERED BY: Ben Hawkes
ORIGINAL ADVISORY: nginx: http://nginx.org/en/CHANGES-1.0
Ben Hawkes: http://www.openwall.com/lists/oss-security/2011/11/17/8
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0347", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webyast", "scope": "eq", "trust": 1.3, "vendor": "suse", "version": "1.2" }, { "model": "studio onsite", "scope": "eq", "trust": 1.3, "vendor": "suse", "version": "1.2" }, { "model": "studio", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "1.2" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.0.10" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.1.7" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "16" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.1.0" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.0.10" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.0.9" }, { "model": "studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "1.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.9" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.8" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.41" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.36" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.35" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.33" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.15" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.66" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.65" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.64" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.62" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.39" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.38" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.36" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.5.38" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.5.37" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.5" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "1.0.10" } ], "sources": [ { "db": "BID", "id": "50710" }, { "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "db": "NVD", "id": "CVE-2011-4315" }, { "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.10", "versionStartIncluding": "0.6.18", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.1.7", "versionStartIncluding": "1.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:suse:studio:1.2:*:*:*:standard:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:studio_onsite:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:webyast:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4315" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ben Hawkes", "sources": [ { "db": "BID", "id": "50710" } ], "trust": 0.3 }, "cve": "CVE-2011-4315", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2011-4315", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-52260", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-4315", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201111-315", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-52260", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-52260" }, { "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "db": "NVD", "id": "CVE-2011-4315" }, { "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. nginx is prone to a remote heap-based buffer-overflow vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \nVersions prior to nginx 1.0.10 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* nginx does not properly sanitize user input for the the WebDAV COPY\n or MOVE methods (CVE-2009-3898). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nnginx DNS Response Handling Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA46798\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46798/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798\n\nRELEASE DATE:\n2011-11-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46798/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46798/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in nginx, which can be exploited by\nmalicious people to potentially compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code but\nrequires that the custom DNS resolver is enabled (disabled by\ndefault). \n\nSOLUTION:\nUpdate to version 1.0.10. \n\nPROVIDED AND/OR DISCOVERED BY:\nBen Hawkes\n\nORIGINAL ADVISORY:\nnginx:\nhttp://nginx.org/en/CHANGES-1.0\n\nBen Hawkes:\nhttp://www.openwall.com/lists/oss-security/2011/11/17/8\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. This fixes a weakness, a\nsecurity issue, and multiple vulnerabilities, which can be exploited\nby malicious people to disclose certain sensitive information, bypass\ncertain security restrictions, cause a DoS (Denial of Service),\nmanipulate certain data, and potentially compromise a vulnerable\nsystem", "sources": [ { "db": "NVD", "id": "CVE-2011-4315" }, { "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "db": "BID", "id": "50710" }, { "db": "VULHUB", "id": "VHN-52260" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "107566" }, { "db": "PACKETSTORM", "id": "107076" }, { "db": "PACKETSTORM", "id": "111263" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4315", "trust": 2.9 }, { "db": "BID", "id": "50710", "trust": 2.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2011/11/17/8", "trust": 1.8 }, { "db": "SECUNIA", "id": "47097", "trust": 1.8 }, { "db": "SECUNIA", "id": "48577", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2011/11/17/10", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2011-003324", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201111-315", "trust": 0.7 }, { "db": "SECUNIA", "id": "46798", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-52260", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111273", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107566", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107076", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111263", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-52260" }, { "db": "BID", "id": "50710" }, { "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "107566" }, { "db": "PACKETSTORM", "id": "107076" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2011-4315" }, { "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "id": "VAR-201112-0347", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-52260" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:22:50.930000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CHANGES-1.0", "trust": 0.8, "url": "http://www.nginx.org/en/changes-1.0" }, { "title": "4268 (nginx)", "trust": 0.8, "url": "http://trac.nginx.org/nginx/changeset/4268/nginx" }, { "title": "nginx-1.0.10", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42000" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-52260" }, { "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "db": "NVD", "id": "CVE-2011-4315" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://trac.nginx.org/nginx/changeset/4268/nginx" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "trust": 1.7, "url": "http://secunia.com/advisories/47097" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48577" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/50710" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-december/070569.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html" }, { "trust": 1.7, "url": "http://openwall.com/lists/oss-security/2011/11/17/8" }, { "trust": 1.7, "url": "http://openwall.com/lists/oss-security/2011/11/17/10" }, { "trust": 1.7, "url": "http://www.nginx.org/en/changes-1.0" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4315" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4315" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://www.nginx.org/en/changes" }, { "trust": 0.3, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.3, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.3, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.3, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.3, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.3, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/company/jobs/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47097" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47097/" }, { "trust": 0.1, "url": "https://hermes.opensuse.org/messages/12768388" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47097/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798" }, { "trust": 0.1, "url": "http://www.openwall.com/lists/oss-security/2011/11/17/8" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46798/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46798/#comments" }, { "trust": 0.1, "url": "http://nginx.org/en/changes-1.0" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/#comments" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml" } ], "sources": [ { "db": "VULHUB", "id": "VHN-52260" }, { "db": "BID", "id": "50710" }, { "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "107566" }, { "db": "PACKETSTORM", "id": "107076" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2011-4315" }, { "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-52260" }, { "db": "BID", "id": "50710" }, { "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "107566" }, { "db": "PACKETSTORM", "id": "107076" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2011-4315" }, { "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-12-08T00:00:00", "db": "VULHUB", "id": "VHN-52260" }, { "date": "2011-11-17T00:00:00", "db": "BID", "id": "50710" }, { "date": "2011-12-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "date": "2012-03-29T02:37:12", "db": "PACKETSTORM", "id": "111273" }, { "date": "2011-12-06T04:14:38", "db": "PACKETSTORM", "id": "107566" }, { "date": "2011-11-17T02:29:24", "db": "PACKETSTORM", "id": "107076" }, { "date": "2012-03-28T06:36:19", "db": "PACKETSTORM", "id": "111263" }, { "date": "2011-12-08T20:55:01", "db": "NVD", "id": "CVE-2011-4315" }, { "date": "2011-11-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-52260" }, { "date": "2015-04-13T21:13:00", "db": "BID", "id": "50710" }, { "date": "2011-12-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "date": "2021-11-10T15:54:43.753000", "db": "NVD", "id": "CVE-2011-4315" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201111-315" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Heap-based buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003324" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201111-315" } ], "trust": 0.6 } }
var-201908-0266
Vulnerability from variot
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Apple SwiftNIO Used in products such as HTTP/2 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper parsing of zero length headers by the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates.
For the oldstable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u3.
For the stable distribution (buster), these problems have been fixed in version 1.14.2-2+deb10u1.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1e7q4ACgkQEMKTtsN8 TjanPg/+JLLuKVdUDpVPFNkX1ckmT5gsoCwzGz3ybhcDMxbf7jD8jtmXFiGFn4fP MXsx6MgrRZn3hq+2VF6MKZjKh9n1hBX38PkqjHKEtV6Xzor97xxLH0rrMlBMEQ7y rz96YTffJfcj+ykI3Vlye1GGDEiKyu0vWgoutXH3i8GUYFyDk//HQdI0eJLQhkfo TMRdbAKmMGeMt/8tSz4G0wewdxc9xjNwE1lKkV22JbT6t656f5QtvOLxt2HvM5c4 gFtFFBv7e1ymh0CKz4VxOxjEH+4ogx5HfzcYP2LjaZJsCFOw8ZUbdieFhlF0R2jH vskBuYLPa/djYHoZ55KY/WTmTsn72y7ZEuQcAdiHRVjg6wRFaum/KkdwutBBCeEj odvrGUcgdLLx4uAC7JOt9HME77Rgu1wTnx3l9L3QCwxIXpHqL8zOuSrSKYDuntDT agQ/awapEYYK5IAgo7YGkhHHHbTSLQ2UX9KfmyoPXJ+H9Vl/XjGhPwdDSEYNqrE9 IKQ8gaFCVOgjJo8lTa5NBsvxa08Gh6jQGZo8Rgfjs4KvUS847Cpb086BvU9pMs36 46+cLbkJ2jkfMLd4slZ5Gf2wkagUJmeZD5O7bY90Szs/IUOJez0LWaN3l7VSMtvY a3a/Y53cX1QYt60eiE6x/ifraOHzcsJglrUNmK8VPfJ9tSTFhWY=+ZOE -----END PGP SIGNATURE----- . Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx110-nginx security update Advisory ID: RHSA-2019:2745-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2745 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
-
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx110-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP vsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2 mVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+ 4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k rNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14 ENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6 uglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU BGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl Omt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0 Elhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR LF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X zMtgbVh8BNU=zH69 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
JBCS-826 - Rebase nghttp2 to 1.39.2
-
8) - aarch64, noarch, ppc64le, s390x, x86_64
-
Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update). 7) - noarch, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0266", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.7.2.0" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "7.7.2.24" }, { "model": "vs960hd", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "32" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "8.16.1" }, { "model": "openshift service mesh", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "software collections", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2.0" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "8.2.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.17.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.0.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.17.2" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "8.0.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.0.0" }, { "model": "diskstation manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "6.2" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "12.8.1" }, { "model": "swiftnio", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "1.4.0" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "7.0.0" }, { "model": "quay", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jboss core services", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "7.1.6" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "8.1.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "10.16.3" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.5" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "8.0.3" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "30" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "7.8.2.13" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "skynas", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.16.1" }, { "model": "swiftnio", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "1.0.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.8.2.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "19.04" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "6.2.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "akamai", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "amazon", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache traffic server", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cloudflare", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "envoy", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "facebook", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "go programming language", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "litespeed", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "netty", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "node js", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "twisted", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "grpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nghttp2", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nginx", "version": null }, { "model": "traffic server", "scope": null, "trust": 0.8, "vendor": "apache", "version": null }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "diskstation manager", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "skynas", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "vs960hd", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "swiftnio", "scope": null, "trust": 0.8, "vendor": "apple", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "JVNDB", "id": "JVNDB-2019-008116" }, { "db": "NVD", "id": "CVE-2019-9516" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.4.0", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "10.12", "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "14.04", "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.3", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.1.6", "versionStartIncluding": "7.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.3", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.7.2.24", "versionStartIncluding": "7.7.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.8.2.13", "versionStartIncluding": "7.8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.2.0", "versionStartIncluding": "8.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.16.1", "versionStartIncluding": "1.9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.17.2", "versionStartIncluding": "1.17.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "12.8.1", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "8.16.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "10.16.3", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-9516" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "154712" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "154470" }, { "db": "PACKETSTORM", "id": "154697" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "154533" }, { "db": "PACKETSTORM", "id": "156852" }, { "db": "PACKETSTORM", "id": "154693" } ], "trust": 0.8 }, "cve": "CVE-2019-9516", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-9516", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-160951", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2019-9516", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cret@cert.org", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-9516", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-9516", "trust": 1.0, "value": "MEDIUM" }, { "author": "cret@cert.org", "id": "CVE-2019-9516", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-9516", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201908-938", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-160951", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-9516", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-160951" }, { "db": "VULMON", "id": "CVE-2019-9516" }, { "db": "JVNDB", "id": "JVNDB-2019-008116" }, { "db": "CNNVD", "id": "CNNVD-201908-938" }, { "db": "NVD", "id": "CVE-2019-9516" }, { "db": "NVD", "id": "CVE-2019-9516" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Apple SwiftNIO Used in products such as HTTP/2 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. \nThe vulnerability is due to improper parsing of zero length headers by the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that\nsubmits malicious input to an affected system. A successful exploit\ncould result in a DoS condition on the targeted system. \nnginx.org has confirmed the vulnerability and released software updates. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1.10.3-1+deb9u3. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.14.2-2+deb10u1. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1e7q4ACgkQEMKTtsN8\nTjanPg/+JLLuKVdUDpVPFNkX1ckmT5gsoCwzGz3ybhcDMxbf7jD8jtmXFiGFn4fP\nMXsx6MgrRZn3hq+2VF6MKZjKh9n1hBX38PkqjHKEtV6Xzor97xxLH0rrMlBMEQ7y\nrz96YTffJfcj+ykI3Vlye1GGDEiKyu0vWgoutXH3i8GUYFyDk//HQdI0eJLQhkfo\nTMRdbAKmMGeMt/8tSz4G0wewdxc9xjNwE1lKkV22JbT6t656f5QtvOLxt2HvM5c4\ngFtFFBv7e1ymh0CKz4VxOxjEH+4ogx5HfzcYP2LjaZJsCFOw8ZUbdieFhlF0R2jH\nvskBuYLPa/djYHoZ55KY/WTmTsn72y7ZEuQcAdiHRVjg6wRFaum/KkdwutBBCeEj\nodvrGUcgdLLx4uAC7JOt9HME77Rgu1wTnx3l9L3QCwxIXpHqL8zOuSrSKYDuntDT\nagQ/awapEYYK5IAgo7YGkhHHHbTSLQ2UX9KfmyoPXJ+H9Vl/XjGhPwdDSEYNqrE9\nIKQ8gaFCVOgjJo8lTa5NBsvxa08Gh6jQGZo8Rgfjs4KvUS847Cpb086BvU9pMs36\n46+cLbkJ2jkfMLd4slZ5Gf2wkagUJmeZD5O7bY90Szs/IUOJez0LWaN3l7VSMtvY\na3a/Y53cX1QYt60eiE6x/ifraOHzcsJglrUNmK8VPfJ9tSTFhWY=+ZOE\n-----END PGP SIGNATURE-----\n. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2019:2745-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2745\nIssue date: 2019-09-12\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx110-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP\nvsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2\nmVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+\n4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k\nrNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14\nENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6\nuglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU\nBGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl\nOmt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0\nElhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR\nLF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X\nzMtgbVh8BNU=zH69\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-826 - Rebase nghttp2 to 1.39.2\n\n7. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs10-nodejs (10.16.3)", "sources": [ { "db": "NVD", "id": "CVE-2019-9516" }, { "db": "CERT/CC", "id": "VU#605641" }, { "db": "JVNDB", "id": "JVNDB-2019-008116" }, { "db": "VULHUB", "id": "VHN-160951" }, { "db": "VULMON", "id": "CVE-2019-9516" }, { "db": "PACKETSTORM", "id": "154190" }, { "db": "PACKETSTORM", "id": "154712" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "154470" }, { "db": "PACKETSTORM", "id": "154697" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "154533" }, { "db": "PACKETSTORM", "id": "156852" }, { "db": "PACKETSTORM", "id": "154693" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-9516", "trust": 3.5 }, { "db": "CERT/CC", "id": "VU#605641", "trust": 3.4 }, { "db": "MCAFEE", "id": "SB10296", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU93696206", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98433488", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-008116", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-938", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "154190", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157214", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156852", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3116", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3213", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4788", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3129", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1076", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3597.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4645", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4403", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1335", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3597.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3299", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0100", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1030", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "156941", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "155414", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "154697", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "154698", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-160951", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-9516", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154712", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154470", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154533", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154693", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160951" }, { "db": "VULMON", "id": "CVE-2019-9516" }, { "db": "JVNDB", "id": "JVNDB-2019-008116" }, { "db": "PACKETSTORM", "id": "154190" }, { "db": "PACKETSTORM", "id": "154712" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "154470" }, { "db": "PACKETSTORM", "id": "154697" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "154533" }, { "db": "PACKETSTORM", "id": "156852" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "CNNVD", "id": "CNNVD-201908-938" }, { "db": "NVD", "id": "CVE-2019-9516" } ] }, "id": "VAR-201908-0266", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-160951" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:13:00.989000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-4505", "trust": 0.8, "url": "https://www.debian.org/security/2019/dsa-4505" }, { "title": "FEDORA-2019-befd924cfe", "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/" }, { "title": "FEDORA-2019-6a2980de56", "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/" }, { "title": "FEDORA-2019-5a6a7bc12c", "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/" }, { "title": "SwiftNIO", "trust": 0.8, "url": "https://github.com/apple/swift-nio" }, { "title": "Apache Traffic Server", "trust": 0.8, "url": "https://github.com/apache/trafficserver" }, { "title": "Synology-SA-19:33 HTTP/2 DoS Attacks", "trust": 0.8, "url": "https://www.synology.com/ja-jp/security/advisory/synology_sa_19_33" }, { "title": "USN-4099-1", "trust": 0.8, "url": "https://usn.ubuntu.com/4099-1/" }, { "title": "HTTP/2 Remedial measures to achieve security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96621" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192950 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192946 - security advisory" }, { "title": "Red Hat: Important: rh-nginx110-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192745 - security advisory" }, { "title": "Red Hat: Important: rh-nginx114-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192775 - security advisory" }, { "title": "Red Hat: Important: nginx:1.14 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192799 - security advisory" }, { "title": "Red Hat: Important: rh-nginx112-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192746 - security advisory" }, { "title": "Red Hat: Important: Red Hat Quay v3.1.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192966 - security advisory" }, { "title": "Red Hat: CVE-2019-9516", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-9516" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=aa3f98e7e42f366cb232cf3ada195106" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4099-1" }, { "title": "Debian Security Advisories: DSA-4505-1 nginx -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b38c3ef2fccf5f32d01340c117d4ef05" }, { "title": "Red Hat: Important: nodejs:10 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192925 - security advisory" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-9516" }, { "title": "Red Hat: Important: rh-nodejs8-nodejs security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192955 - security advisory" }, { "title": "Red Hat: Important: rh-nodejs10-nodejs security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192939 - security advisory" }, { "title": "Arch Linux Advisories: [ASA-201908-13] nginx: denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-13" }, { "title": "Amazon Linux AMI: ALAS-2019-1299", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1299" }, { "title": "Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-12" }, { "title": "Amazon Linux 2: ALAS2-2019-1342", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1342" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193935 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193932 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193933 - security advisory" }, { "title": "Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201445 - security advisory" }, { "title": "Red Hat: Important: Red Hat AMQ Broker 7.6 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200922 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200983 - security advisory" }, { "title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd" }, { "title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d" }, { "title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c" }, { "title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-19-225" }, { "title": "bogeitingress", "trust": 0.1, "url": "https://github.com/lieshoujieyuan/bogeitingress " }, { "title": "DC-4-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-4-vulnhub-walkthrough " }, { "title": "", "trust": 0.1, "url": "https://github.com/khulnasoft-lab/awesome-security " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/http-bugs/147405/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-9516" }, { "db": "JVNDB", "id": "JVNDB-2019-008116" }, { "db": "CNNVD", "id": "CNNVD-201908-938" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.1 }, { "problemtype": "CWE-400", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160951" }, { "db": "JVNDB", "id": "JVNDB-2019-008116" }, { "db": "NVD", "id": "CVE-2019-9516" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "trust": 2.6, "url": "https://www.synology.com/security/advisory/synology_sa_19_33" }, { "trust": 2.6, "url": "https://seclists.org/bugtraq/2019/aug/24" }, { "trust": 2.6, "url": "https://kb.cert.org/vuls/id/605641/" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:3932" }, { "trust": 2.5, "url": "https://usn.ubuntu.com/4099-1/" }, { "trust": 2.4, "url": "https://www.debian.org/security/2019/dsa-4505" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3933" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3935" }, { "trust": 2.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2745" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2799" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2939" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2946" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2955" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2019/aug/40" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2019/aug/16" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2746" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2775" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2925" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2950" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2966" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "trust": 1.7, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296" }, { "trust": 1.6, "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html" }, { "trust": 1.4, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516" }, { "trust": 1.2, "url": "https://support.f5.com/csp/article/k02591030" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/" }, { "trust": 1.0, "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss" }, { "trust": 0.8, "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752" }, { "trust": 0.8, "url": "https://tools.ietf.org/html/rfc7540" }, { "trust": 0.8, "url": "https://tools.ietf.org/html/rfc7541" }, { "trust": 0.8, "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/" }, { "trust": 0.8, "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/" }, { "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98433488/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93696206/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2019-9516" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2019-9517" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.6, "url": "http2-cves/" }, { "trust": 0.6, "url": "https://www.cloudfoundry.org/blog/various-" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k50233772" }, { "trust": 0.6, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4403/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4788/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/154190/debian-security-advisory-4505-1.html" }, { "trust": 0.6, "url": "https://pivotal.io/security/cve-2019-9517" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht210436" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1143454" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3116/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3213/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3299/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1335/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1072144" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1150960" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1137466" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0100/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1167160" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3129/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1030/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-9513" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10247" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10241" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/770.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=60633" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.kb.cert.org/vuls/id/605641" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-0737" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-17199" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-17189" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-0734" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1445" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:0922" } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160951" }, { "db": "VULMON", "id": "CVE-2019-9516" }, { "db": "JVNDB", "id": "JVNDB-2019-008116" }, { "db": "PACKETSTORM", "id": "154190" }, { "db": "PACKETSTORM", "id": "154712" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "154470" }, { "db": "PACKETSTORM", "id": "154697" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "154533" }, { "db": "PACKETSTORM", "id": "156852" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "CNNVD", "id": "CNNVD-201908-938" }, { "db": "NVD", "id": "CVE-2019-9516" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160951" }, { "db": "VULMON", "id": "CVE-2019-9516" }, { "db": "JVNDB", "id": "JVNDB-2019-008116" }, { "db": "PACKETSTORM", "id": "154190" }, { "db": "PACKETSTORM", "id": "154712" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "154470" }, { "db": "PACKETSTORM", "id": "154697" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "154533" }, { "db": "PACKETSTORM", "id": "156852" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "CNNVD", "id": "CNNVD-201908-938" }, { "db": "NVD", "id": "CVE-2019-9516" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-13T00:00:00", "db": "CERT/CC", "id": "VU#605641" }, { "date": "2019-08-13T00:00:00", "db": "VULHUB", "id": "VHN-160951" }, { "date": "2019-08-13T00:00:00", "db": "VULMON", "id": "CVE-2019-9516" }, { "date": "2019-08-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008116" }, { "date": "2019-08-22T20:20:23", "db": "PACKETSTORM", "id": "154190" }, { "date": "2019-10-02T15:03:59", "db": "PACKETSTORM", "id": "154712" }, { "date": "2019-11-20T21:11:11", "db": "PACKETSTORM", "id": "155417" }, { "date": "2019-09-12T14:32:43", "db": "PACKETSTORM", "id": "154470" }, { "date": "2019-10-01T20:45:33", "db": "PACKETSTORM", "id": "154697" }, { "date": "2020-04-14T15:39:41", "db": "PACKETSTORM", "id": "157214" }, { "date": "2019-09-19T16:28:51", "db": "PACKETSTORM", "id": "154533" }, { "date": "2020-03-23T15:57:42", "db": "PACKETSTORM", "id": "156852" }, { "date": "2019-09-30T22:22:22", "db": "PACKETSTORM", "id": "154693" }, { "date": "2019-08-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-938" }, { "date": "2019-08-13T21:15:12.583000", "db": "NVD", "id": "CVE-2019-9516" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-19T00:00:00", "db": "CERT/CC", "id": "VU#605641" }, { "date": "2020-10-22T00:00:00", "db": "VULHUB", "id": "VHN-160951" }, { "date": "2022-08-05T00:00:00", "db": "VULMON", "id": "CVE-2019-9516" }, { "date": "2019-08-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008116" }, { "date": "2021-10-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-938" }, { "date": "2023-11-07T03:13:42.893000", "db": "NVD", "id": "CVE-2019-9516" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-938" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion", "sources": [ { "db": "CERT/CC", "id": "VU#605641" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-938" } ], "trust": 0.6 } }
var-201006-0493
Vulnerability from variot
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a high-performance web server that is widely used. It is not only often used as a reverse proxy, but also very well supported for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial of service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. nginx 0.8.36 for Windows is vulnerable; other versions may also be affected
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201006-0493", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.7.52" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.7.66" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.8.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "0.8.39" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7.66" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.40" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7" }, { "model": null, "scope": null, "trust": 0.6, "vendor": "no", "version": null }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.16" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.15" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.14" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.13" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.20" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.36" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.35" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.33" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.15" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.65" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.64" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.62" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.8.41" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.7.66" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "BID", "id": "40760" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.66", "versionStartIncluding": "0.7.52", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.8.39", "versionStartIncluding": "0.8.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-2263" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dr_IDE Jose Antonio Vazquez Gonzalez", "sources": [ { "db": "CNNVD", "id": "CNNVD-201006-224" } ], "trust": 0.6 }, "cve": "CVE-2010-2263", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2010-2263", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-2263", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201006-224", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a high-performance web server that is widely used. It is not only often used as a reverse proxy, but also very well supported for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial of service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. \nnginx 0.8.36 for Windows is vulnerable; other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "BID", "id": "40760" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-2263", "trust": 2.7 }, { "db": "BID", "id": "40760", "trust": 2.5 }, { "db": "EXPLOIT-DB", "id": "13818", "trust": 1.6 }, { "db": "EXPLOIT-DB", "id": "13822", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2010-004869", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2010-1094", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201006-224", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "BID", "id": "40760" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "id": "VAR-201006-0493", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" } ] }, "last_update_date": "2023-12-18T12:31:33.369000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/" }, { "title": "Nginx remote source code leak and denial of service patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/454" }, { "title": "Vulnerabilities with Windows file default stream", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=3683" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html" }, { "trust": 1.6, "url": "http://www.exploit-db.com/exploits/13818" }, { "trust": 1.6, "url": "http://www.exploit-db.com/exploits/13822" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/40760" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2263" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2263" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/40760/" }, { "trust": 0.3, "url": "http://nginx.org/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "BID", "id": "40760" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "BID", "id": "40760" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2010-1094" }, { "date": "2010-06-11T00:00:00", "db": "BID", "id": "40760" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "date": "2010-06-15T14:04:24.313000", "db": "NVD", "id": "CVE-2010-2263" }, { "date": "2010-06-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2010-1094" }, { "date": "2015-04-13T21:02:00", "db": "BID", "id": "40760" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "date": "2021-11-10T15:52:53.917000", "db": "NVD", "id": "CVE-2010-2263" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201006-224" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerabilities in which source code is obtained", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-004869" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201006-224" } ], "trust": 0.6 } }
var-202310-0175
Vulnerability from variot
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section.
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
Description:
nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.
The following data is constructed from data provided by Red Hat's json file at:
https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
==================================================================== Red Hat Security Advisory
Synopsis: Important: dotnet6.0 security update Advisory ID: RHSA-2023:5710-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5710 Issue date: 2023-10-16 Revision: 01 CVE Names: CVE-2023-44487 ====================================================================
Summary:
An update for dotnet6.0 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23.
Security Fix(es):
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2023-44487
References:
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
. ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024
nghttp2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in nghttp2.
Software Description: - nghttp2: HTTP/2 C Library and tools
Details:
It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)
It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)
It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2
Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2
Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5558-1 security@debian.org https://www.debian.org/security/ Markus Koschany November 18, 2023 https://www.debian.org/security/faq
Package : netty CVE ID : CVE-2023-34462 CVE-2023-44487 Debian Bug : 1038947 1054234
Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.
CVE-2023-34462
It might be possible for a remote peer to send a client hello packet during
a TLS handshake which lead the server to buffer up to 16 MB of data per
connection. This could lead to a OutOfMemoryError and so result in a denial
of service.
This problem is also known as Rapid Reset Attack.
For the oldstable distribution (bullseye), these problems have been fixed in version 1:4.1.48-4+deb11u2.
For the stable distribution (bookworm), these problems have been fixed in version 1:4.1.48-7+deb12u1.
We recommend that you upgrade your netty packages.
For the detailed security status of netty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netty
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97 UNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0 eamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH 1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB eAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g SUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza Da8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1 g6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom rrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0 P3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg O6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI= =4ExT -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0175", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "node maintenance operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip ssl orchestrator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "jboss core services", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "go", "scope": "gte", "trust": 1.0, "vendor": "golang", "version": "1.21.0" }, { "model": "istio", "scope": "lt", "trust": 1.0, "vendor": "istio", "version": "1.19.1" }, { "model": "big-ip advanced web application firewall", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "crosswork zero touch provisioning", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.0.0" }, { "model": "big-ip policy enforcement manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "integration camel for spring boot", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "windows 10 1809", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.17763.4974" }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip ddos hybrid defender", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip carrier-grade nat", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "advanced cluster security", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "expressway", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "x14.3.3" }, { "model": "ultra cloud core - policy control function", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2024.01.0" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "9.0.0" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "visual studio 2022", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "17.6" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "big-ip application visibility and reporting", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "openshift container platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "satellite", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "crosswork data gateway", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "4.1.3" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "10.2\\(7\\)" }, { "model": "nginx plus", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "r25" }, { "model": "big-ip advanced web application firewall", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip websafe", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "service interconnect", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "fog director", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "1.22" }, { "model": "unified contact center domain manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip advanced web application firewall", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "asp.net core", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "7.0.12" }, { "model": "migration toolkit for applications", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip carrier-grade nat", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip ddos hybrid defender", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "crosswork data gateway", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.0" }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "go", "scope": "lt", "trust": 1.0, "vendor": "golang", "version": "1.20.10" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": ".net", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "6.0.23" }, { "model": "ultra cloud core - policy control function", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2024.01.0" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "enterprise chat and email", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "tomcat", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "8.5.93" }, { "model": "proxygen", "scope": "lt", "trust": 1.0, "vendor": "facebook", "version": "2023.10.16.00" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "process automation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "big-ip application acceleration manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "build of optaplanner", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "jenkins", "scope": "lte", "trust": 1.0, "vendor": "jenkins", "version": "2.427" }, { "model": "visual studio 2022", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "17.7.5" }, { "model": "telepresence video communication server", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "x14.3.3" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "big-ip ssl orchestrator", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip application visibility and reporting", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "nginx plus", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "r30" }, { "model": "big-ip application visibility and reporting", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "20.8.1" }, { "model": "big-ip carrier-grade nat", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "swiftnio http\\/2", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "1.28.0" }, { "model": "linkerd", "scope": "eq", "trust": 1.0, "vendor": "linkerd", "version": "2.13.0" }, { "model": "caddy", "scope": "lt", "trust": 1.0, "vendor": "caddyserver", "version": "2.7.5" }, { "model": "tomcat", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "10.1.0" }, { "model": "astra control center", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "fence agents remediation operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "cert-manager operator for red hat openshift", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip ddos hybrid defender", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "advanced cluster management for kubernetes", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "solr", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "9.4.0" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "secure web appliance", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "15.1.0" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip websafe", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "3scale api management platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "http", "scope": "eq", "trust": 1.0, "vendor": "ietf", "version": "2.0" }, { "model": "openshift", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip access policy manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "certification for red hat enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip advanced web application firewall", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "migration toolkit for containers", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": ".net", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "7.0.12" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "visual studio 2022", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "17.2.20" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "go", "scope": "lt", "trust": 1.0, "vendor": "golang", "version": "1.21.3" }, { "model": "windows 11 21h2", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.22000.2538" }, { "model": "jetty", "scope": "lt", "trust": 1.0, "vendor": "eclipse", "version": "9.4.53" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "jenkins", "scope": "lte", "trust": 1.0, "vendor": "jenkins", "version": "2.414.2" }, { "model": "traffic server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "8.1.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "11.0.0" }, { "model": "apisix", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "3.6.1" }, { "model": "certification for red hat enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "9.0" }, { "model": "big-ip websafe", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "jboss a-mq streams", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip domain name system", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "ios xr", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.11.2" }, { "model": "ultra cloud core - session management function", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2024.02.0" }, { "model": "big-ip advanced web application firewall", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "varnish cache", "scope": "lt", "trust": 1.0, "vendor": "varnish cache", "version": "2023-10-10" }, { "model": "single sign-on", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "big-ip ssl orchestrator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "windows 10 1607", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.14393.6351" }, { "model": "linkerd", "scope": "eq", "trust": 1.0, "vendor": "linkerd", "version": "2.14.1" }, { "model": "envoy", "scope": "eq", "trust": 1.0, "vendor": "envoyproxy", "version": "1.25.9" }, { "model": "jboss data grid", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0.0" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "12.0" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "machine deletion remediation operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip websafe", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "visual studio 2022", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "17.4" }, { "model": "nginx plus", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "r29" }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "grpc", "scope": "lt", "trust": 1.0, "vendor": "grpc", "version": "1.56.3" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "openresty", "scope": "lt", "trust": 1.0, "vendor": "openresty", "version": "1.21.4.3" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.5" }, { "model": "big-ip ssl orchestrator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "nginx plus", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "r29" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "38" }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "windows 10 21h2", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.19044.3570" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "istio", "scope": "lt", "trust": 1.0, "vendor": "istio", "version": "1.17.6" }, { "model": "advanced cluster security", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.0" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip carrier-grade nat", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "openstack platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "17.1" }, { "model": "windows server 2022", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip advanced web application firewall", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip websafe", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "cbl-mariner", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "2023-10-11" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "traefik", "scope": "lt", "trust": 1.0, "vendor": "traefik", "version": "2.10.5" }, { "model": "openshift data science", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip global traffic manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip ddos hybrid defender", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip link controller", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "node healthcheck operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip ddos hybrid defender", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "openshift gitops", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip ssl orchestrator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "data center network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "openshift container platform assisted installer", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "ultra cloud core - serving gateway function", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2024.02.0" }, { "model": "jetty", "scope": "lt", "trust": 1.0, "vendor": "eclipse", "version": "12.0.2" }, { "model": "opensearch data prepper", "scope": "lt", "trust": 1.0, "vendor": "amazon", "version": "2.5.0" }, { "model": "prime network registrar", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.2" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "10.3\\(5\\)" }, { "model": "linkerd", "scope": "eq", "trust": 1.0, "vendor": "linkerd", "version": "2.13.1" }, { "model": "big-ip next service proxy for kubernetes", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.5.0" }, { "model": "openshift serverless", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "http2", "scope": "lt", "trust": 1.0, "vendor": "golang", "version": "0.17.0" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "istio", "scope": "gte", "trust": 1.0, "vendor": "istio", "version": "1.18.0" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "jboss fuse", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "18.0.0" }, { "model": "traefik", "scope": "eq", "trust": 1.0, "vendor": "traefik", "version": "3.0.0" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip advanced web application firewall", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "windows 10 22h2", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.19045.3570" }, { "model": "big-ip carrier-grade nat", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "akka", "version": "10.5.3" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "ansible automation platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "envoy", "scope": "eq", "trust": 1.0, "vendor": "envoyproxy", "version": "1.24.10" }, { "model": "http2", "scope": "lt", "trust": 1.0, "vendor": "kazu yamamoto", "version": "4.2.2" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "cryostat", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "openshift distributed tracing", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "unified contact center management portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "kong gateway", "scope": "lt", "trust": 1.0, "vendor": "konghq", "version": "3.4.2" }, { "model": "istio", "scope": "gte", "trust": 1.0, "vendor": "istio", "version": "1.19.0" }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "tomcat", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "8.5.0" }, { "model": "support for spring boot", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip application visibility and reporting", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip ssl orchestrator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "jboss fuse", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0.0" }, { "model": "big-ip ssl orchestrator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip advanced web application firewall", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "big-ip websafe", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "grpc", "scope": "gte", "trust": 1.0, "vendor": "grpc", "version": "1.58.0" }, { "model": "build of quarkus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "logging subsystem for red hat openshift", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip carrier-grade nat", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "jetty", "scope": "lt", "trust": 1.0, "vendor": "eclipse", "version": "11.0.17" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip carrier-grade nat", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip ssl orchestrator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "cost management", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "8.0.0" }, { "model": "service telemetry framework", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.5" }, { "model": "big-ip advanced firewall manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "visual studio 2022", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "17.6.8" }, { "model": "secure malware analytics", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.19.2" }, { "model": "quay", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.0.0" }, { "model": "linkerd", "scope": "eq", "trust": 1.0, "vendor": "linkerd", "version": "2.14.0" }, { "model": "big-ip application visibility and reporting", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "windows 11 22h2", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.22621.2428" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "decision manager", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "grpc", "scope": "lte", "trust": 1.0, "vendor": "grpc", "version": "1.59.2" }, { "model": "nghttp2", "scope": "lt", "trust": 1.0, "vendor": "nghttp2", "version": "1.57.0" }, { "model": "openshift service mesh", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "grpc", "scope": "lt", "trust": 1.0, "vendor": "grpc", "version": "1.58.3" }, { "model": "openstack platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "16.2" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "prime cable provisioning", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.2.1" }, { "model": "visual studio 2022", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "17.0" }, { "model": "big-ip application visibility and reporting", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "tomcat", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "9.0.0" }, { "model": "openshift virtualization", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4" }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip ddos hybrid defender", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "openshift secondary scheduler operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0.0" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip application visibility and reporting", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "linkerd", "scope": "gte", "trust": 1.0, "vendor": "linkerd", "version": "2.12.0" }, { "model": "openshift api for data protection", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "18.18.2" }, { "model": "jboss a-mq", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "37" }, { "model": "prime access registrar", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "9.3.3" }, { "model": "unified contact center enterprise - live data server", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.6.2" }, { "model": "networking", "scope": "lt", "trust": 1.0, "vendor": "golang", "version": "0.17.0" }, { "model": "armeria", "scope": "lt", "trust": 1.0, "vendor": "linecorp", "version": "1.26.0" }, { "model": "big-ip websafe", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "big-ip application visibility and reporting", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip next", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "20.0.1" }, { "model": "ios xe", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "17.15.1" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "10.3\\(1\\)" }, { "model": "openstack platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "16.1" }, { "model": "grpc", "scope": "eq", "trust": 1.0, "vendor": "grpc", "version": "1.57.0" }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "openshift dev spaces", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "jetty", "scope": "gte", "trust": 1.0, "vendor": "eclipse", "version": "12.0.0" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip carrier-grade nat", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "prime infrastructure", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.10.4" }, { "model": "h2o", "scope": "lt", "trust": 1.0, "vendor": "dena", "version": "2023-10-10" }, { "model": "nginx ingress controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "3.0.0" }, { "model": "openshift pipelines", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip local traffic manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "jetty", "scope": "gte", "trust": 1.0, "vendor": "eclipse", "version": "10.0.0" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip fraud protection service", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0.0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "istio", "scope": "lt", "trust": 1.0, "vendor": "istio", "version": "1.18.3" }, { "model": "big-ip websafe", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "secure dynamic attributes connector", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.2.0" }, { "model": "big-ip websafe", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "ceph storage", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "run once duration override operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "integration camel k", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "visual studio 2022", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "17.7" }, { "model": "big-ip carrier-grade nat", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip ddos hybrid defender", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "envoy", "scope": "eq", "trust": 1.0, "vendor": "envoyproxy", "version": "1.27.0" }, { "model": "nginx ingress controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "2.4.2" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "integration service registry", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "firepower threat defense", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.4.2" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "20.0.0" }, { "model": "tomcat", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "9.0.80" }, { "model": "iot field network director", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "4.11.0" }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "asp.net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "6.0.0" }, { "model": "migration toolkit for virtualization", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip ssl orchestrator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": ".net", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "6.0.0" }, { "model": "jetty", "scope": "gte", "trust": 1.0, "vendor": "eclipse", "version": "11.0.0" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "big-ip advanced web application firewall", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "web terminal", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "traffic server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "9.2.3" }, { "model": "windows server 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "linkerd", "scope": "lte", "trust": 1.0, "vendor": "linkerd", "version": "2.12.5" }, { "model": "jetty", "scope": "lt", "trust": 1.0, "vendor": "eclipse", "version": "10.0.17" }, { "model": "network observability operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip ddos hybrid defender", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "visual studio 2022", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "17.4.12" }, { "model": "azure kubernetes service", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "2023-10-08" }, { "model": "openshift sandboxed containers", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "tomcat", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "10.1.13" }, { "model": "big-ip application visibility and reporting", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip application security manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip next service proxy for kubernetes", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.8.2" }, { "model": "asp.net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "7.0.0" }, { "model": "big-ip ddos hybrid defender", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "nginx ingress controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "2.0.0" }, { "model": "asp.net core", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "6.0.23" }, { "model": "openshift developer tools and services", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "connected mobile experiences", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.1" }, { "model": "nginx ingress controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "3.3.0" }, { "model": ".net", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "7.0.0" }, { "model": "contour", "scope": "lt", "trust": 1.0, "vendor": "projectcontour", "version": "2023-10-11" }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "self node remediation operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "9.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.25.2" }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "envoy", "scope": "eq", "trust": 1.0, "vendor": "envoyproxy", "version": "1.26.4" }, { "model": "netty", "scope": "lt", "trust": 1.0, "vendor": "netty", "version": "4.1.100" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-44487" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.57.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.100", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.0.2", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.0.17", "versionStartIncluding": "11.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.17", "versionStartIncluding": "10.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.4.53", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.5", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*", "cpe_name": [], "versionEndExcluding": "0.17.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.21.3", "versionStartIncluding": "1.21.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.20.10", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*", "cpe_name": [], "versionEndExcluding": "0.17.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "r29", "versionStartIncluding": "r25", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.8.2", "versionStartIncluding": "1.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.25.2", "versionStartIncluding": "1.9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.2", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.3.0", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.0.80", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.93", "versionStartIncluding": "8.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.13", "versionStartIncluding": "10.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*", "cpe_name": [], "versionEndExcluding": "1.28.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*", "cpe_name": [], "versionEndExcluding": "1.58.3", "versionStartIncluding": "1.58.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*", "cpe_name": [], "versionEndExcluding": "1.56.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", "cpe_name": [], "versionEndIncluding": "1.59.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.19045.3570", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.17763.4974", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.22000.2538", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.22621.2428", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "cpe_name": [], "versionEndExcluding": "10.0.14393.6351", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "cpe_name": [], "versionEndExcluding": "10.0.14393.6351", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0.12", "versionStartIncluding": "7.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.19044.3570", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "17.7.5", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "17.6.8", "versionStartIncluding": "17.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "17.4.12", "versionStartIncluding": "17.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "17.2.20", "versionStartIncluding": "17.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.23", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0.12", "versionStartIncluding": "7.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.23", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2023-10-08", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "18.18.2", "versionStartIncluding": "18.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.8.1", "versionStartIncluding": "20.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2023-10-11", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2023-10-10", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2023.10.16.00", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.3", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.1.9", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.5.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.19.1", "versionStartIncluding": "1.19.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.18.3", "versionStartIncluding": "1.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.17.6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2023-10-10", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.10.5", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*", "cpe_name": [], "versionEndExcluding": "2023-10-11", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*", "cpe_name": [], "versionEndIncluding": "2.12.5", "versionStartIncluding": "2.12.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.26.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.5.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "versionEndExcluding": "3.4.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "2.427", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndIncluding": "2.414.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.21.4.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.10.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.19.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.22", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "17.15.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.3.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.11.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.11.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "x14.3.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "x14.3.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.6.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2024.02.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2024.02.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2024.01.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.2\\(7\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.3\\(5\\)", "versionStartIncluding": "10.3\\(1\\)", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.2\\(7\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.3\\(5\\)", "versionStartIncluding": "10.3\\(1\\)", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-44487" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "175239" }, { "db": "PACKETSTORM", "id": "175234" }, { "db": "PACKETSTORM", "id": "175230" }, { "db": "PACKETSTORM", "id": "175126" }, { "db": "PACKETSTORM", "id": "175160" }, { "db": "PACKETSTORM", "id": "175376" } ], "trust": 0.6 }, "cve": "CVE-2023-44487", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-44487", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-44487" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. \n\n\n\n\nDescription:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. \n\n\n\n\nDescription:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. \n\n\n\n\nDescription:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. \n\n\n\n\nDescription:\n\nnghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. \n\nThe following data is constructed from data provided by Red Hat\u0027s json file at:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis: Important: dotnet6.0 security update\nAdvisory ID: RHSA-2023:5710-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:5710\nIssue date: 2023-10-16\nRevision: 01\nCVE Names: CVE-2023-44487\n====================================================================\n\nSummary: \n\nAn update for dotnet6.0 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\n\nSolution:\n\nhttps://access.redhat.com/articles/11258\n\n\n\nCVEs:\n\nCVE-2023-44487\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003\n\n. ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n libnghttp2-14 1.55.1-1ubuntu0.2\n nghttp2 1.55.1-1ubuntu0.2\n nghttp2-client 1.55.1-1ubuntu0.2\n nghttp2-proxy 1.55.1-1ubuntu0.2\n nghttp2-server 1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n libnghttp2-14 1.43.0-1ubuntu0.2\n nghttp2 1.43.0-1ubuntu0.2\n nghttp2-client 1.43.0-1ubuntu0.2\n nghttp2-proxy 1.43.0-1ubuntu0.2\n nghttp2-server 1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n libnghttp2-14 1.40.0-1ubuntu0.3\n nghttp2 1.40.0-1ubuntu0.3\n nghttp2-client 1.40.0-1ubuntu0.3\n nghttp2-proxy 1.40.0-1ubuntu0.3\n nghttp2-server 1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.30.0-1ubuntu1+esm2\n nghttp2 1.30.0-1ubuntu1+esm2\n nghttp2-client 1.30.0-1ubuntu1+esm2\n nghttp2-proxy 1.30.0-1ubuntu1+esm2\n nghttp2-server 1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.7.1-1ubuntu0.1~esm2\n nghttp2 1.7.1-1ubuntu0.1~esm2\n nghttp2-client 1.7.1-1ubuntu0.1~esm2\n nghttp2-proxy 1.7.1-1ubuntu0.1~esm2\n nghttp2-server 1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5558-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nNovember 18, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : netty\nCVE ID : CVE-2023-34462 CVE-2023-44487\nDebian Bug : 1038947 1054234\n\nTwo security vulnerabilities have been discovered in Netty, a Java NIO\nclient/server socket framework. \n\nCVE-2023-34462\n\n It might be possible for a remote peer to send a client hello packet during\n a TLS handshake which lead the server to buffer up to 16 MB of data per\n connection. This could lead to a OutOfMemoryError and so result in a denial\n of service. \n This problem is also known as Rapid Reset Attack. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:4.1.48-4+deb11u2. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 1:4.1.48-7+deb12u1. \n\nWe recommend that you upgrade your netty packages. \n\nFor the detailed security status of netty please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/netty\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97\nUNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0\neamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH\n1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB\neAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g\nSUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza\nDa8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1\ng6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom\nrrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0\nP3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg\nO6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI=\n=4ExT\n-----END PGP SIGNATURE-----\n. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience", "sources": [ { "db": "NVD", "id": "CVE-2023-44487" }, { "db": "PACKETSTORM", "id": "175239" }, { "db": "PACKETSTORM", "id": "175234" }, { "db": "PACKETSTORM", "id": "175230" }, { "db": "PACKETSTORM", "id": "175126" }, { "db": "PACKETSTORM", "id": "175160" }, { "db": "PACKETSTORM", "id": "178284" }, { "db": "PACKETSTORM", "id": "175875" }, { "db": "PACKETSTORM", "id": "175807" }, { "db": "PACKETSTORM", "id": "175376" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-44487", "trust": 1.9 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/18/8", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/10/6", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/19/6", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/18/4", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/13/4", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/13/9", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/20/8", "trust": 1.0 }, { "db": "PACKETSTORM", "id": "175239", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175234", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175230", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175126", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175160", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "178284", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175875", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175807", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175376", "trust": 0.1 } ], "sources": [ { "db": "PACKETSTORM", "id": "175239" }, { "db": "PACKETSTORM", "id": "175234" }, { "db": "PACKETSTORM", "id": "175230" }, { "db": "PACKETSTORM", "id": "175126" }, { "db": "PACKETSTORM", "id": "175160" }, { "db": "PACKETSTORM", "id": "178284" }, { "db": "PACKETSTORM", "id": "175875" }, { "db": "PACKETSTORM", "id": "175807" }, { "db": "PACKETSTORM", "id": "175376" }, { "db": "NVD", "id": "CVE-2023-44487" } ] }, "id": "VAR-202310-0175", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.465728264 }, "last_update_date": "2024-07-23T21:36:24.758000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-44487" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4" }, { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9" }, { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4" }, { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8" }, { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6" }, { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2023-44487" }, { "trust": 1.0, "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/" }, { "trust": 1.0, "url": "https://aws.amazon.com/security/security-bulletins/aws-2023-011/" }, { "trust": 1.0, "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/" }, { "trust": 1.0, "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/" }, { "trust": 1.0, "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/" }, { "trust": 1.0, "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack" }, { "trust": 1.0, "url": "https://blog.vespa.ai/cve-2023-44487/" }, { "trust": 1.0, "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988" }, { "trust": 1.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "trust": 1.0, "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123" }, { "trust": 1.0, "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9" }, { "trust": 1.0, "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/" }, { "trust": 1.0, "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack" }, { "trust": 1.0, "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125" }, { "trust": 1.0, "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715" }, { "trust": 1.0, "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve" }, { "trust": 1.0, "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764" }, { "trust": 1.0, "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088" }, { "trust": 1.0, "url": "https://github.com/azure/aks/issues/3947" }, { "trust": 1.0, "url": "https://github.com/kong/kong/discussions/11741" }, { "trust": 1.0, "url": "https://github.com/advisories/ghsa-qppj-fm5r-hxr3" }, { "trust": 1.0, "url": "https://github.com/advisories/ghsa-vx74-f528-fxqg" }, { "trust": 1.0, "url": "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p" }, { "trust": 1.0, "url": "https://github.com/akka/akka-http/issues/4323" }, { "trust": 1.0, "url": "https://github.com/alibaba/tengine/issues/1872" }, { "trust": 1.0, "url": "https://github.com/apache/apisix/issues/10320" }, { "trust": 1.0, "url": "https://github.com/apache/httpd-site/pull/10" }, { "trust": 1.0, "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113" }, { "trust": 1.0, "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2" }, { "trust": 1.0, "url": "https://github.com/apache/trafficserver/pull/10564" }, { "trust": 1.0, "url": "https://github.com/arkrwn/poc/tree/main/cve-2023-44487" }, { "trust": 1.0, "url": "https://github.com/bcdannyboy/cve-2023-44487" }, { "trust": 1.0, "url": "https://github.com/caddyserver/caddy/issues/5877" }, { "trust": 1.0, "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5" }, { "trust": 1.0, "url": "https://github.com/dotnet/announcements/issues/277" }, { "trust": 1.0, "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73" }, { "trust": 1.0, "url": "https://github.com/eclipse/jetty.project/issues/10679" }, { "trust": 1.0, "url": "https://github.com/envoyproxy/envoy/pull/30055" }, { "trust": 1.0, "url": "https://github.com/etcd-io/etcd/issues/16740" }, { "trust": 1.0, "url": "https://github.com/facebook/proxygen/pull/466" }, { "trust": 1.0, "url": "https://github.com/golang/go/issues/63417" }, { "trust": 1.0, "url": "https://github.com/grpc/grpc-go/pull/6703" }, { "trust": 1.0, "url": "https://github.com/h2o/h2o/pull/3291" }, { "trust": 1.0, "url": "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf" }, { "trust": 1.0, "url": "https://github.com/haproxy/haproxy/issues/2312" }, { "trust": 1.0, "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244" }, { "trust": 1.0, "url": "https://github.com/junkurihara/rust-rpxy/issues/97" }, { "trust": 1.0, "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1" }, { "trust": 1.0, "url": "https://github.com/kazu-yamamoto/http2/issues/93" }, { "trust": 1.0, "url": "https://github.com/kubernetes/kubernetes/pull/121120" }, { "trust": 1.0, "url": "https://github.com/line/armeria/pull/5232" }, { "trust": 1.0, "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632" }, { "trust": 1.0, "url": "https://github.com/micrictor/http2-rst-stream" }, { "trust": 1.0, "url": "https://github.com/microsoft/cbl-mariner/pull/6381" }, { "trust": 1.0, "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61" }, { "trust": 1.0, "url": "https://github.com/nghttp2/nghttp2/pull/1961" }, { "trust": 1.0, "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0" }, { "trust": 1.0, "url": "https://github.com/ninenines/cowboy/issues/1615" }, { "trust": 1.0, "url": "https://github.com/nodejs/node/pull/50121" }, { "trust": 1.0, "url": "https://github.com/openresty/openresty/issues/930" }, { "trust": 1.0, "url": "https://github.com/opensearch-project/data-prepper/issues/3474" }, { "trust": 1.0, "url": "https://github.com/oqtane/oqtane.framework/discussions/3367" }, { "trust": 1.0, "url": "https://github.com/projectcontour/contour/pull/5826" }, { "trust": 1.0, "url": "https://github.com/tempesta-tech/tempesta/issues/1986" }, { "trust": 1.0, "url": "https://github.com/varnishcache/varnish-cache/issues/3996" }, { "trust": 1.0, "url": "https://groups.google.com/g/golang-announce/c/innxdtcjzvo" }, { "trust": 1.0, "url": "https://istio.io/latest/news/security/istio-security-2023-004/" }, { "trust": 1.0, "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/" }, { "trust": 1.0, "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/" }, { "trust": 1.0, "url": "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html" }, { "trust": 1.0, "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html" }, { "trust": 1.0, "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html" }, { "trust": 1.0, "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/" }, { "trust": 1.0, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487" }, { "trust": 1.0, "url": "https://my.f5.com/manage/s/article/k000137106" }, { "trust": 1.0, "url": "https://netty.io/news/2023/10/10/4-1-100-final.html" }, { "trust": 1.0, "url": "https://news.ycombinator.com/item?id=37830987" }, { "trust": 1.0, "url": "https://news.ycombinator.com/item?id=37830998" }, { "trust": 1.0, "url": "https://news.ycombinator.com/item?id=37831062" }, { "trust": 1.0, "url": "https://news.ycombinator.com/item?id=37837043" }, { "trust": 1.0, "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/" }, { "trust": 1.0, "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected" }, { "trust": 1.0, "url": "https://security.gentoo.org/glsa/202311-09" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20231016-0001/" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20240426-0007/" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" }, { "trust": 1.0, "url": "https://security.paloaltonetworks.com/cve-2023-44487" }, { "trust": 1.0, "url": "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14" }, { "trust": 1.0, "url": "https://ubuntu.com/security/cve-2023-44487" }, { "trust": 1.0, "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/" }, { "trust": 1.0, "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "trust": 1.0, "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5521" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5522" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5540" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5549" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5558" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5570" }, { "trust": 1.0, "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487" }, { "trust": 1.0, "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/" }, { "trust": 1.0, "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "trust": 1.0, "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6" }, { "trust": 1.0, "url": "https://www.phoronix.com/news/http2-rapid-reset-attack" }, { "trust": 1.0, "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5945.json" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.10.4" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:5945" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5928.json" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:5928" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5922.json" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:5922" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:5766" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5766.json" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:5710" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-6754-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-6505-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.52.0-1ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34462" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/netty" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6105.json" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:6105" } ], "sources": [ { "db": "PACKETSTORM", "id": "175239" }, { "db": "PACKETSTORM", "id": "175234" }, { "db": "PACKETSTORM", "id": "175230" }, { "db": "PACKETSTORM", "id": "175126" }, { "db": "PACKETSTORM", "id": "175160" }, { "db": "PACKETSTORM", "id": "178284" }, { "db": "PACKETSTORM", "id": "175875" }, { "db": "PACKETSTORM", "id": "175807" }, { "db": "PACKETSTORM", "id": "175376" }, { "db": "NVD", "id": "CVE-2023-44487" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "PACKETSTORM", "id": "175239" }, { "db": "PACKETSTORM", "id": "175234" }, { "db": "PACKETSTORM", "id": "175230" }, { "db": "PACKETSTORM", "id": "175126" }, { "db": "PACKETSTORM", "id": "175160" }, { "db": "PACKETSTORM", "id": "178284" }, { "db": "PACKETSTORM", "id": "175875" }, { "db": "PACKETSTORM", "id": "175807" }, { "db": "PACKETSTORM", "id": "175376" }, { "db": "NVD", "id": "CVE-2023-44487" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-10-20T14:34:30", "db": "PACKETSTORM", "id": "175239" }, { "date": "2023-10-20T14:33:16", "db": "PACKETSTORM", "id": "175234" }, { "date": "2023-10-20T14:32:33", "db": "PACKETSTORM", "id": "175230" }, { "date": "2023-10-17T15:39:55", "db": "PACKETSTORM", "id": "175126" }, { "date": "2023-10-18T16:23:08", "db": "PACKETSTORM", "id": "175160" }, { "date": "2024-04-26T15:13:40", "db": "PACKETSTORM", "id": "178284" }, { "date": "2023-11-22T16:28:02", "db": "PACKETSTORM", "id": "175875" }, { "date": "2023-11-20T16:25:51", "db": "PACKETSTORM", "id": "175807" }, { "date": "2023-10-27T12:55:12", "db": "PACKETSTORM", "id": "175376" }, { "date": "2023-10-10T14:15:10.883000", "db": "NVD", "id": "CVE-2023-44487" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-06-27T18:34:22.110000", "db": "NVD", "id": "CVE-2023-44487" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "178284" }, { "db": "PACKETSTORM", "id": "175875" } ], "trust": 0.2 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2023-5945-01", "sources": [ { "db": "PACKETSTORM", "id": "175239" } ], "trust": 0.1 } }
var-201908-0263
Vulnerability from variot
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/
- Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver 1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests 1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip 1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx112-nginx security update Advisory ID: RHSA-2019:2746-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2746 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:
An update for rh-nginx112-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
-
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx112-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9 PPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS ieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d kbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco rGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2 PO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv oEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS 7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/ issNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO 7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt fXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL pTuQ2UprbLU=PAtT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - noarch, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3). 8) - aarch64, noarch, ppc64le, s390x, x86_64
- ========================================================================== Ubuntu Security Notice USN-6754-2 May 07, 2024
nghttp2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in nghttp2.
Software Description: - nghttp2: HTTP/2 C Library and tools
Details:
USN-6754-1 fixed vulnerabilities in nghttp2. This update provides the corresponding update for Ubuntu 24.04 LTS.
Original advisory details:
It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)
It was discovered that nghttp2 incorrectly handled request cancellation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)
It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. (CVE-2024-28182)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04 LTS libnghttp2-14 1.59.0-1ubuntu0.1 nghttp2 1.59.0-1ubuntu0.1 nghttp2-client 1.59.0-1ubuntu0.1 nghttp2-proxy 1.59.0-1ubuntu0.1 nghttp2-server 1.59.0-1ubuntu0.1
In general, a standard system update will make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0263", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.1.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.7.2.0" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "7.7.2.24" }, { "model": "vs960hd", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "8.16.1" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.12.0" }, { "model": "openshift service mesh", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "software collections", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2.0" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "8.2.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.17.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.0.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.13.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.17.2" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "8.0.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.0.0" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.0" }, { "model": "diskstation manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "6.2" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "12.8.1" }, { "model": "swiftnio", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "1.4.0" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "7.0.0" }, { "model": "quay", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jboss core services", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "7.1.6" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "8.1.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "10.16.3" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.5" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "8.0.3" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "30" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "7.8.2.13" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "skynas", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.16.1" }, { "model": "swiftnio", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "1.0.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.8.2.0" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "8.8.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "19.04" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "6.2.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "akamai", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "amazon", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache traffic server", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cloudflare", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "envoy", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "facebook", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "go programming language", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "litespeed", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "netty", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "node js", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "twisted", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "grpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nghttp2", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nginx", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "NVD", "id": "CVE-2019-9513" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.4.0", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "10.12", "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "14.04", "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.3", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.1.6", "versionStartIncluding": "7.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.3", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.7.2.24", "versionStartIncluding": "7.7.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.8.2.13", "versionStartIncluding": "7.8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.2.0", "versionStartIncluding": "8.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.16.1", "versionStartIncluding": "1.9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.17.2", "versionStartIncluding": "1.17.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "10.12.0", "versionStartIncluding": "10.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "12.8.1", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "10.16.3", "versionStartIncluding": "10.13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "8.16.1", "versionStartIncluding": "8.9.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-9513" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "154471" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "PACKETSTORM", "id": "154663" }, { "db": "CNNVD", "id": "CNNVD-201908-935" } ], "trust": 1.3 }, "cve": "CVE-2019-9513", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-160948", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-9513", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cret@cert.org", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-9513", "trust": 1.0, "value": "HIGH" }, { "author": "cret@cert.org", "id": "CVE-2019-9513", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201908-935", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-160948", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-9513", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-160948" }, { "db": "VULMON", "id": "CVE-2019-9513" }, { "db": "CNNVD", "id": "CNNVD-201908-935" }, { "db": "NVD", "id": "CVE-2019-9513" }, { "db": "NVD", "id": "CVE-2019-9513" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. \nThe vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. \nnginx.org has confirmed the vulnerability and released software updates. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.6.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver\n1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests\n1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip\n1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx112-nginx security update\nAdvisory ID: RHSA-2019:2746-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2746\nIssue date: 2019-09-12\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx112-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx112-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9\nPPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS\nieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d\nkbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco\nrGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2\nPO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv\noEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS\n7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/\nissNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO\n7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt\nfXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL\npTuQ2UprbLU=PAtT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs10-nodejs (10.16.3). 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-6754-2\nMay 07, 2024\n\nnghttp2 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 24.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nUSN-6754-1 fixed vulnerabilities in nghttp2. This update provides the\ncorresponding update for Ubuntu 24.04 LTS. \n\nOriginal advisory details:\n\n It was discovered that nghttp2 incorrectly handled the HTTP/2\n implementation. This issue\n only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\n CVE-2019-9513)\n\n It was discovered that nghttp2 incorrectly handled request cancellation. This issue only affected Ubuntu\n 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\n It was discovered that nghttp2 could be made to process an unlimited \nnumber\n of HTTP/2 CONTINUATION frames. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 24.04 LTS\n libnghttp2-14 1.59.0-1ubuntu0.1\n nghttp2 1.59.0-1ubuntu0.1\n nghttp2-client 1.59.0-1ubuntu0.1\n nghttp2-proxy 1.59.0-1ubuntu0.1\n nghttp2-server 1.59.0-1ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2019-9513" }, { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160948" }, { "db": "VULMON", "id": "CVE-2019-9513" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "154471" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "PACKETSTORM", "id": "154663" }, { "db": "PACKETSTORM", "id": "178500" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-9513", "trust": 2.6 }, { "db": "CERT/CC", "id": "VU#605641", "trust": 2.5 }, { "db": "MCAFEE", "id": "SB10296", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201908-935", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "155414", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156941", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3306", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3116", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4788", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1544", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3129", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1076", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4343", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3597.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4645", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4665", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0007", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4403", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4238", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4596", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3597.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0643", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3299", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0100", "trust": 0.6 }, { "db": "NSFOCUS", "id": "43920", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-346-01", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-160948", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-9513", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155416", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154471", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154693", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154663", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "178500", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160948" }, { "db": "VULMON", "id": "CVE-2019-9513" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "154471" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "PACKETSTORM", "id": "154663" }, { "db": "PACKETSTORM", "id": "178500" }, { "db": "CNNVD", "id": "CNNVD-201908-935" }, { "db": "NVD", "id": "CVE-2019-9513" } ] }, "id": "VAR-201908-0263", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-160948" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:59:26.276000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HTTP/2 Remedial measures to achieve security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96619" }, { "title": "Red Hat: Important: Red Hat OpenShift Service Mesh 1.0.1 RPMs", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193041 - security advisory" }, { "title": "Red Hat: Important: nghttp2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192692 - security advisory" }, { "title": "Red Hat: Important: rh-nginx110-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192745 - security advisory" }, { "title": "Red Hat: Important: rh-nginx112-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192746 - security advisory" }, { "title": "Red Hat: Important: rh-nginx114-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192775 - security advisory" }, { "title": "Red Hat: Important: httpd24-httpd and httpd24-nghttp2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192949 - security advisory" }, { "title": "Red Hat: Important: nginx:1.14 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192799 - security advisory" }, { "title": "Debian Security Advisories: DSA-4511-1 nghttp2 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5abd31eeab4f550ac0063c6db4c6fefa" }, { "title": "Red Hat: Important: Red Hat Quay v3.1.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192966 - security advisory" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4099-1" }, { "title": "Red Hat: CVE-2019-9513", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-9513" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=aa3f98e7e42f366cb232cf3ada195106" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-9513" }, { "title": "Red Hat: Important: nodejs:10 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192925 - security advisory" }, { "title": "Debian Security Advisories: DSA-4505-1 nginx -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b38c3ef2fccf5f32d01340c117d4ef05" }, { "title": "Red Hat: Important: rh-nodejs8-nodejs security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192955 - security advisory" }, { "title": "Red Hat: Important: rh-nodejs10-nodejs security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192939 - security advisory" }, { "title": "Amazon Linux AMI: ALAS-2019-1298", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1298" }, { "title": "Arch Linux Advisories: [ASA-201908-13] nginx: denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-13" }, { "title": "Arch Linux Advisories: [ASA-201908-17] libnghttp2: denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-17" }, { "title": "Amazon Linux 2: ALAS2-2019-1298", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1298" }, { "title": "Amazon Linux AMI: ALAS-2019-1299", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1299" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193932 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193933 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193935 - security advisory" }, { "title": "Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-12" }, { "title": "Debian Security Advisories: DSA-4669-1 nodejs -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0919b27d8bf334fac6a8fbea7195b6b0" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=1258fbf11199f28879a6fcc9f39902e9" }, { "title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200983 - security advisory" }, { "title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cbf2ee0b22e92590472860fdb3718cab" }, { "title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd" }, { "title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00c2\u00ae SDK for Node.js\u00e2\u201e\u00a2 in IBM Cloud", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d" }, { "title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c" }, { "title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-19-225" }, { "title": "bogeitingress", "trust": 0.1, "url": "https://github.com/lieshoujieyuan/bogeitingress " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-9513" }, { "db": "CNNVD", "id": "CNNVD-201908-935" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-400", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160948" }, { "db": "NVD", "id": "CVE-2019-9513" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "trust": 2.5, "url": "https://www.synology.com/security/advisory/synology_sa_19_33" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3932" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3933" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3935" }, { "trust": 2.3, "url": "https://www.debian.org/security/2019/dsa-4511" }, { "trust": 2.3, "url": "https://usn.ubuntu.com/4099-1/" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2746" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2925" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2939" }, { "trust": 1.7, "url": "https://seclists.org/bugtraq/2019/aug/40" }, { "trust": 1.7, "url": "https://seclists.org/bugtraq/2019/sep/1" }, { "trust": 1.7, "url": "https://kb.cert.org/vuls/id/605641/" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "trust": 1.7, "url": "https://www.debian.org/security/2019/dsa-4505" }, { "trust": 1.7, "url": "https://www.debian.org/security/2020/dsa-4669" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:2692" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:2745" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:2775" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:2799" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:2949" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:2955" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:2966" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:3041" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "trust": 1.6, "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html" }, { "trust": 1.6, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k02591030" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/" }, { "trust": 1.0, "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss" }, { "trust": 0.8, "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752" }, { "trust": 0.8, "url": "https://tools.ietf.org/html/rfc7540" }, { "trust": 0.8, "url": "https://tools.ietf.org/html/rfc7541" }, { "trust": 0.8, "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/" }, { "trust": 0.8, "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/" }, { "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2019-9516" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2019-9513" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2019-9517" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss" }, { "trust": 0.6, "url": "http2-cves/" }, { "trust": 0.6, "url": "https://www.cloudfoundry.org/blog/various-" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511" }, { "trust": 0.6, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "trust": 0.6, "url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k50233772" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1126605" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1104951" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1165894" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1165906" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1135167" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1164346" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1164364" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1544/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1127397" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1128387" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4403/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4665/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4788/" }, { "trust": 0.6, "url": "https://pivotal.io/security/cve-2019-9517" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/" }, { "trust": 0.6, "url": "http-2-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9514-cve-2019-9512-cve-2019/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-console-and-rest-api-are-vulnerable-to-multiple-denial-of-service-attacks-within-" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4596/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0643/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1143454" }, { "trust": 0.6, "url": "http2-implementation-vulnerablility/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3306/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3116/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9513" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3299/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/" }, { "trust": 0.6, "url": "http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1150960" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1137466" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4343/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0100/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1167160" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0007/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-ze-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3129/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4238/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/43920" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1165852" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1127853" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-0737" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-17199" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-0217" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-0197" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-17189" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-5407" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-0196" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-0734" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-9251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5427" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3888" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5929" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14439" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11272" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17570" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17570" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.6.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5929" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14439" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-15756" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15756" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-16012" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12384" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11272" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3802" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16012" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:0983" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-6754-2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.59.0-1ubuntu0.1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-6754-1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160948" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "154471" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "PACKETSTORM", "id": "154663" }, { "db": "PACKETSTORM", "id": "178500" }, { "db": "CNNVD", "id": "CNNVD-201908-935" }, { "db": "NVD", "id": "CVE-2019-9513" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160948" }, { "db": "VULMON", "id": "CVE-2019-9513" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "154471" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "PACKETSTORM", "id": "154663" }, { "db": "PACKETSTORM", "id": "178500" }, { "db": "CNNVD", "id": "CNNVD-201908-935" }, { "db": "NVD", "id": "CVE-2019-9513" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-13T00:00:00", "db": "CERT/CC", "id": "VU#605641" }, { "date": "2019-08-13T00:00:00", "db": "VULHUB", "id": "VHN-160948" }, { "date": "2019-08-13T00:00:00", "db": "VULMON", "id": "CVE-2019-9513" }, { "date": "2019-11-20T23:02:22", "db": "PACKETSTORM", "id": "155414" }, { "date": "2019-11-20T21:11:11", "db": "PACKETSTORM", "id": "155417" }, { "date": "2020-03-27T13:16:40", "db": "PACKETSTORM", "id": "156941" }, { "date": "2019-11-20T20:55:55", "db": "PACKETSTORM", "id": "155416" }, { "date": "2019-09-12T14:32:51", "db": "PACKETSTORM", "id": "154471" }, { "date": "2019-09-30T22:22:22", "db": "PACKETSTORM", "id": "154693" }, { "date": "2019-09-30T13:33:33", "db": "PACKETSTORM", "id": "154663" }, { "date": "2024-05-09T15:42:01", "db": "PACKETSTORM", "id": "178500" }, { "date": "2019-08-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-935" }, { "date": "2019-08-13T21:15:12.380000", "db": "NVD", "id": "CVE-2019-9513" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-19T00:00:00", "db": "CERT/CC", "id": "VU#605641" }, { "date": "2020-10-22T00:00:00", "db": "VULHUB", "id": "VHN-160948" }, { "date": "2022-08-12T00:00:00", "db": "VULMON", "id": "CVE-2019-9513" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-935" }, { "date": "2023-11-07T03:13:42.177000", "db": "NVD", "id": "CVE-2019-9513" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "178500" }, { "db": "CNNVD", "id": "CNNVD-201908-935" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion", "sources": [ { "db": "CERT/CC", "id": "VU#605641" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-935" } ], "trust": 0.6 } }
var-201602-0391
Vulnerability from variot
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There is a security vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. The vulnerability stems from the fact that the program does not limit CNAME resolution. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
-
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash. (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver 1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver 1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver 1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2892-1 February 09, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.1 nginx-extras 1.9.3-1ubuntu1.1 nginx-full 1.9.3-1ubuntu1.1 nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.4 nginx-extras 1.4.6-1ubuntu3.4 nginx-full 1.4.6-1ubuntu3.4 nginx-light 1.4.6-1ubuntu3.4 nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0391", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "8.0" }, { "model": "leap", "scope": "eq", "trust": 1.4, "vendor": "novell", "version": "42.1" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.9.10" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.8.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.1" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.9.10" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.9.x" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "15.10" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "14.04 lts" }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "8.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.6.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" } ], "sources": [ { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.1", "versionStartIncluding": "0.6.18", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.9.10", "versionStartIncluding": "1.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-0747" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "82230" } ], "trust": 0.3 }, "cve": "CVE-2016-0747", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-0747", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-88257", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-0747", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201602-059", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-88257", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-0747", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-88257" }, { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. There is a security vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. The vulnerability stems from the fact that the program does not limit CNAME resolution. These only affect nginx if\nthe \"resolver\" directive is used in a configuration file. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1. \n\nWe recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). \n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible\nfor saving client request body to a temporary file. A remote attacker could\nsend a specially crafted request that would cause nginx worker process to\ncrash. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. An\nattacker able to manipulate DNS responses received by nginx could use this\nflaw to cause a worker process to crash if nginx enabled the resolver in\nits configuration. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver\n1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver\n1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver\n1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2892-1\nFebruary 09, 2016\n\nnginx vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n(CVE-2016-0747)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.1\n nginx-extras 1.9.3-1ubuntu1.1\n nginx-full 1.9.3-1ubuntu1.1\n nginx-light 1.9.3-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.4\n nginx-extras 1.4.6-1ubuntu3.4\n nginx-full 1.4.6-1ubuntu3.4\n nginx-light 1.4.6-1ubuntu3.4\n nginx-naxsi 1.4.6-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "BID", "id": "82230" }, { "db": "VULHUB", "id": "VHN-88257" }, { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0747", "trust": 3.4 }, { "db": "SECTRACK", "id": "1034869", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001780", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201602-059", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "BID", "id": "82230", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-88257", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-0747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135738", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137908", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137518", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135684", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88257" }, { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "id": "VAR-201602-0391", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-88257" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:08:16.477000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-3473", "trust": 0.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "title": "openSUSE-SU-2016:0371", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "title": "Bug 1302589", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589" }, { "title": "USN-2892-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2892-1/" }, { "title": "CVE-2016-0742, CVE-2016-0746, CVE-2016-0747", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "title": "nginx resolver Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=60056" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2892-1" }, { "title": "Red Hat: CVE-2016-0747", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-0747" }, { "title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7" }, { "title": "Amazon Linux AMI: ALAS-2016-655", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-655" }, { "title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.1 }, { "problemtype": "CWE-399", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88257" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "NVD", "id": "CVE-2016-0747" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201606-06" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2016:1425" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2892-1" }, { "trust": 1.8, "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1034869" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0747" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0747" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237" }, { "trust": 0.3, "url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2892-1/" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/82230" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0742" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0747" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0746" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4450" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-88257" }, { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-88257" }, { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-15T00:00:00", "db": "VULHUB", "id": "VHN-88257" }, { "date": "2016-02-15T00:00:00", "db": "VULMON", "id": "CVE-2016-0747" }, { "date": "2016-01-29T00:00:00", "db": "BID", "id": "82230" }, { "date": "2016-03-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "date": "2016-02-12T19:22:00", "db": "PACKETSTORM", "id": "135738" }, { "date": "2016-07-14T20:08:00", "db": "PACKETSTORM", "id": "137908" }, { "date": "2016-06-17T23:50:23", "db": "PACKETSTORM", "id": "137518" }, { "date": "2016-02-10T03:55:35", "db": "PACKETSTORM", "id": "135684" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2016-02-15T19:59:02.123000", "db": "NVD", "id": "CVE-2016-0747" }, { "date": "2016-01-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-88257" }, { "date": "2021-09-22T00:00:00", "db": "VULMON", "id": "CVE-2016-0747" }, { "date": "2016-10-26T00:01:00", "db": "BID", "id": "82230" }, { "date": "2016-03-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "date": "2021-12-16T18:43:52.677000", "db": "NVD", "id": "CVE-2016-0747" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001780" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201602-059" } ], "trust": 0.6 } }
var-200911-0311
Vulnerability from variot
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. nginx of src/http/modules/ngx_http_dav_module.c Contains a directory traversal vulnerability.By a remotely authenticated user WebDAV (1) COPY Or (2) MOVE To the method .. The 'nginx' program is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings ('../') to overwrite arbitrary files outside the root directory. These issues affect nginx 0.7.61 and 0.7.62; other versions may also be affected. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: nginx WebDAV Directory Traversal Security Issue
SECUNIA ADVISORY ID: SA36818
VERIFY ADVISORY: http://secunia.com/advisories/36818/
DESCRIPTION: A security issue has been discovered in nginx, which can be exploited by malicious people to bypass certain security restrictions.
Successful exploitation requires that the server has been compiled with the http_dav_module and that the attacker is allowed to use the "MOVE" or "COPY" methods.
The security issue is reported in version 0.7.61 and confirmed in version 0.7.62.
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Kingcope
ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.14 >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Gentoo update for nginx
SECUNIA ADVISORY ID: SA48577
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48577/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
RELEASE DATE: 2012-03-28
DISCUSS ADVISORY: http://secunia.com/advisories/48577/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48577/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Gentoo has issued an update for nginx.
For more information: SA36751 SA36818 SA37291 SA46798 SA48366
SOLUTION: Update to "www-servers/nginx-1.0.14" or later
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0311", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.49" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.5" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "0.7.62" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.47" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.59" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.50" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.51" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.61" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.48" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.57" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.46" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.54" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.61" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.46" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.55" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.56" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.50" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.60" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.54" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.57" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.53" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.51" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.56" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.49" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.47" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.55" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.52" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.48" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.53" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.59" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.52" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "nginx", "version": "0.6.1516" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.60" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.58" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.58" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.35" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.17" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.16" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.15" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.6.35" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.6.32" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.62" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.62" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null } ], "sources": [ { "db": "BID", "id": "36490" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.7.62", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nginx:nginx:0.6.1516:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-3898" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kingcope", "sources": [ { "db": "BID", "id": "36490" } ], "trust": 0.3 }, "cve": "CVE-2009-3898", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.9, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-3898", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "VHN-41344", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-3898", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200911-245", "trust": 0.6, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-41344", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-41344" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. nginx of src/http/modules/ngx_http_dav_module.c Contains a directory traversal vulnerability.By a remotely authenticated user WebDAV (1) COPY Or (2) MOVE To the method .. The \u0027nginx\u0027 program is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. \nAn attacker can exploit these issues using directory-traversal strings (\u0027../\u0027) to overwrite arbitrary files outside the root directory. \nThese issues affect nginx 0.7.61 and 0.7.62; other versions may also be affected. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nnginx WebDAV Directory Traversal Security Issue\n\nSECUNIA ADVISORY ID:\nSA36818\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36818/\n\nDESCRIPTION:\nA security issue has been discovered in nginx, which can be exploited\nby malicious people to bypass certain security restrictions. \n\nSuccessful exploitation requires that the server has been compiled\nwith the http_dav_module and that the attacker is allowed to use the\n\"MOVE\" or \"COPY\" methods. \n\nThe security issue is reported in version 0.7.61 and confirmed in\nversion 0.7.62. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nKingcope\n\nORIGINAL ADVISORY:\nhttp://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the nginx process, cause a Denial of Service condition,\ncreate or overwrite arbitrary files, or obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nGentoo update for nginx\n\nSECUNIA ADVISORY ID:\nSA48577\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48577/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nRELEASE DATE:\n2012-03-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48577/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48577/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nGentoo has issued an update for nginx. \n\nFor more information:\nSA36751\nSA36818\nSA37291\nSA46798\nSA48366\n\nSOLUTION:\nUpdate to \"www-servers/nginx-1.0.14\" or later", "sources": [ { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "BID", "id": "36490" }, { "db": "VULHUB", "id": "VHN-41344" }, { "db": "PACKETSTORM", "id": "81568" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" } ], "trust": 2.25 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-41344", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41344" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-3898", "trust": 2.9 }, { "db": "SECUNIA", "id": "36818", "trust": 1.8 }, { "db": "SECUNIA", "id": "48577", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/20/1", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/23/10", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2009-005108", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200911-245", "trust": 0.7 }, { "db": "BID", "id": "36490", "trust": 0.4 }, { "db": "SEEBUG", "id": "SSVID-87572", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-66932", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "9829", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-41344", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "81568", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111273", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111263", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41344" }, { "db": "BID", "id": "36490" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "PACKETSTORM", "id": "81568" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "id": "VAR-200911-0311", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-41344" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:26:44.750000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005108" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41344" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "NVD", "id": "CVE-2009-3898" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "trust": 1.7, "url": "http://secunia.com/advisories/36818" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48577" }, { "trust": 1.6, "url": "http://marc.info/?l=oss-security\u0026m=125897327321676\u0026w=2" }, { "trust": 1.6, "url": "http://marc.info/?l=oss-security\u0026m=125897425223039\u0026w=2" }, { "trust": 1.6, "url": "http://marc.info/?l=oss-security\u0026m=125900327409842\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3898" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3898" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "/archive/1/506662" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://marc.info/?l=oss-security\u0026amp;m=125897327321676\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=oss-security\u0026amp;m=125897425223039\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=oss-security\u0026amp;m=125900327409842\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/36818/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41344" }, { "db": "BID", "id": "36490" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "PACKETSTORM", "id": "81568" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-41344" }, { "db": "BID", "id": "36490" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "PACKETSTORM", "id": "81568" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-11-24T00:00:00", "db": "VULHUB", "id": "VHN-41344" }, { "date": "2009-09-23T00:00:00", "db": "BID", "id": "36490" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "date": "2009-09-23T05:54:46", "db": "PACKETSTORM", "id": "81568" }, { "date": "2012-03-29T02:37:12", "db": "PACKETSTORM", "id": "111273" }, { "date": "2012-03-28T06:36:19", "db": "PACKETSTORM", "id": "111263" }, { "date": "2009-11-24T17:30:00.437000", "db": "NVD", "id": "CVE-2009-3898" }, { "date": "2009-11-24T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-41344" }, { "date": "2012-03-28T21:30:00", "db": "BID", "id": "36490" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "date": "2021-11-10T15:52:55.790000", "db": "NVD", "id": "CVE-2009-3898" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200911-245" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of src/http/modules/ngx_http_dav_module.c Vulnerable to directory traversal", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005108" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200911-245" } ], "trust": 0.6 } }
var-201412-0610
Vulnerability from variot
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. This vulnerability CVE-2011-0411 It is a similar problem. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. nginx is prone to a remote command-injection vulnerability. Attackers can exploit this issue to inject commands into SSL sessions and disclose sensitive information. Versions prior to nginx 1.6.1 and 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability stems from the fact that the program does not properly limit I/O buffering. The following versions are affected: nginx version 1.5.x, version 1.6.0, version 1.6.1, version 1.7.0 to version 1.7.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04533567
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04533567 Version: 1
HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-01-10 Last Updated: 2015-01-10
Potential Security Impact: Remote disclosure of information, Denial of Service (DoS) and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP SSL for OpenVMS. These vulnerabilities could be remotely exploited to create a remote disclosure of information, Denial of Service, and other vulnerabilities.
References:
CVE-2014-3556 - cryptographic issues (CWE-310) CVE-2014-3567 - remote Denial of Service (DoS) (CWE-20, CWE-399) CVE-2014-3568 - cryptographic issues (CWE-310) SSRT101779
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS - All versions prior to Version 1.4-495
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP SSL Version 1.4-495 for OpenVMS is based on Open Source OpenSSL version 0.9.8zc and includes the latest security updates from OpenSSL.org.
HP has made the following patch kit available to resolve the vulnerabilities.
The HP SSL Version 1.4-495 for OpenVMS is available from the following locations:
OpenVMS HP SSL website: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
The HP SSL Version 1.4-495 for OpenVMS kits for both Integrity and Alpha platforms have been uploaded to HP Support Center website. Customers can access the kits from Patch Management page.
Go to https://h20566.www2.hp.com/portal/site/hpsc/patch/home/
Login using your HP Passport account
Search for the Patch Kit Name from the table below
HP SSL Version OpenVMS Platform Patch Kit Name
V1.4-495 Alpha
OpenVMS V8.3, V8.4 HP-AXPVMS-SSL-V0104
V1.4-495 ITANIUM
OpenVMS V8.3, V8.3-1H1, V8.4 HP-I64VMS-SSL-V0104
HISTORY Version:1 (rev.1) - 10 December 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlSwdq4ACgkQ4B86/C0qfVmlZgCg825/1F8UumLLhYt0pKaqeN5n Fj0AoJvSKKRxuu+/ayOhqr97QoDWGTSX =ZBgU -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0610", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.5.6" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.7.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.6.1" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.5.x" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.7.x" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.6.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.3" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.1", "versionStartIncluding": "1.5.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.4", "versionStartIncluding": "1.7.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3556" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Chris Boulton", "sources": [ { "db": "BID", "id": "69111" } ], "trust": 0.3 }, "cve": "CVE-2014-3556", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-3556", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-71496", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3556", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201408-095", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-71496", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-71496" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411. This vulnerability CVE-2011-0411 It is a similar problem. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. nginx is prone to a remote command-injection vulnerability. \nAttackers can exploit this issue to inject commands into SSL sessions and disclose sensitive information. \nVersions prior to nginx 1.6.1 and 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability stems from the fact that the program does not properly limit I/O buffering. The following versions are affected: nginx version 1.5.x, version 1.6.0, version 1.6.1, version 1.7.0 to version 1.7.3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04533567\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04533567\nVersion: 1\n\nHPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information,\nDenial of Service (DoS) and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-01-10\nLast Updated: 2015-01-10\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote disclosure of information, Denial of\nService (DoS) and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP SSL for\nOpenVMS. These vulnerabilities could be remotely exploited to create a remote\ndisclosure of information, Denial of Service, and other vulnerabilities. \n\nReferences:\n\nCVE-2014-3556 - cryptographic issues (CWE-310)\nCVE-2014-3567 - remote Denial of Service (DoS) (CWE-20, CWE-399)\nCVE-2014-3568 - cryptographic issues (CWE-310)\nSSRT101779\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS - All versions prior to Version 1.4-495\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP SSL Version 1.4-495 for OpenVMS is based on Open Source OpenSSL version\n0.9.8zc and includes the latest security updates from OpenSSL.org. \n\nHP has made the following patch kit available to resolve the vulnerabilities. \n\nThe HP SSL Version 1.4-495 for OpenVMS is available from the following\nlocations:\n\nOpenVMS HP SSL website:\nhttp://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nThe HP SSL Version 1.4-495 for OpenVMS kits for both Integrity and Alpha\nplatforms have been uploaded to HP Support Center website. Customers can\naccess the kits from Patch Management page. \n\nGo to https://h20566.www2.hp.com/portal/site/hpsc/patch/home/\n\nLogin using your HP Passport account\n\nSearch for the Patch Kit Name from the table below\n\nHP SSL Version OpenVMS\n Platform\n Patch Kit Name\n\nV1.4-495\n Alpha\n\nOpenVMS V8.3, V8.4\n HP-AXPVMS-SSL-V0104\n\nV1.4-495\n ITANIUM\n\nOpenVMS V8.3, V8.3-1H1, V8.4\n HP-I64VMS-SSL-V0104\n\nHISTORY\nVersion:1 (rev.1) - 10 December 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlSwdq4ACgkQ4B86/C0qfVmlZgCg825/1F8UumLLhYt0pKaqeN5n\nFj0AoJvSKKRxuu+/ayOhqr97QoDWGTSX\n=ZBgU\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "BID", "id": "69111" }, { "db": "VULHUB", "id": "VHN-71496" }, { "db": "PACKETSTORM", "id": "129877" } ], "trust": 2.07 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-71496", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71496" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3556", "trust": 2.9 }, { "db": "JVNDB", "id": "JVNDB-2014-007439", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201408-095", "trust": 0.7 }, { "db": "BID", "id": "69111", "trust": 0.4 }, { "db": "PACKETSTORM", "id": "129877", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-71496", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71496" }, { "db": "BID", "id": "69111" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "PACKETSTORM", "id": "129877" }, { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "id": "VAR-201412-0610", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-71496" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:13:03.115000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HPSBOV03227", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "title": "http://nginx.org/download/patch.2014.starttls.txt", "trust": 0.8, "url": "http://nginx.org/download/patch.2014.starttls.txt" }, { "title": "Bug 1126891", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891" }, { "title": "CVE-2014-3556", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" }, { "title": "nginx-1.6.1", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=53046" }, { "title": "nginx-1.7.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=53049" }, { "title": "nginx-1.7.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=53048" }, { "title": "nginx-1.6.1", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=53047" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71496" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "NVD", "id": "CVE-2014-3556" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://nginx.org/download/patch.2014.starttls.txt" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891" }, { "trust": 1.7, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3556" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3556" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142103967620673\u0026amp;w=2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home/" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3556" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71496" }, { "db": "BID", "id": "69111" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "PACKETSTORM", "id": "129877" }, { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-71496" }, { "db": "BID", "id": "69111" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "PACKETSTORM", "id": "129877" }, { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-29T00:00:00", "db": "VULHUB", "id": "VHN-71496" }, { "date": "2014-08-07T00:00:00", "db": "BID", "id": "69111" }, { "date": "2015-01-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "date": "2015-01-12T17:14:20", "db": "PACKETSTORM", "id": "129877" }, { "date": "2014-12-29T20:59:03.943000", "db": "NVD", "id": "CVE-2014-3556" }, { "date": "2014-08-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-71496" }, { "date": "2014-08-07T00:00:00", "db": "BID", "id": "69111" }, { "date": "2015-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "date": "2021-11-10T15:59:33.300000", "db": "NVD", "id": "CVE-2014-3556" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "129877" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of SMTP proxy of mail/ngx_mail_smtp_handler.c of STARTTLS Encrypted in implementation SMTP Command injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007439" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-095" } ], "trust": 0.6 } }
var-201404-0682
Vulnerability from variot
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. nginx SPDY Implementation 1.5.10 is vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0682", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "eq", "trust": 1.4, "vendor": "igor sysoev", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.10" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.5.10" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "1.5.11" } ], "sources": [ { "db": "BID", "id": "67507" }, { "db": "JVNDB", "id": "JVNDB-2014-002327" }, { "db": "NVD", "id": "CVE-2014-0088" }, { "db": "CNNVD", "id": "CNNVD-201404-576" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0088" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lucas Molas", "sources": [ { "db": "BID", "id": "67507" } ], "trust": 0.3 }, "cve": "CVE-2014-0088", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-0088", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-67581", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0088", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-576", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-67581", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-0088", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-67581" }, { "db": "VULMON", "id": "CVE-2014-0088" }, { "db": "JVNDB", "id": "JVNDB-2014-002327" }, { "db": "NVD", "id": "CVE-2014-0088" }, { "db": "CNNVD", "id": "CNNVD-201404-576" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. \nAn attacker can exploit this issue to execute arbitrary code in the context of the affected application. \nnginx SPDY Implementation 1.5.10 is vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev", "sources": [ { "db": "NVD", "id": "CVE-2014-0088" }, { "db": "JVNDB", "id": "JVNDB-2014-002327" }, { "db": "BID", "id": "67507" }, { "db": "VULHUB", "id": "VHN-67581" }, { "db": "VULMON", "id": "CVE-2014-0088" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0088", "trust": 2.9 }, { "db": "SECTRACK", "id": "1030150", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2014-002327", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201404-576", "trust": 0.7 }, { "db": "BID", "id": "67507", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-67581", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-0088", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-67581" }, { "db": "VULMON", "id": "CVE-2014-0088" }, { "db": "BID", "id": "67507" }, { "db": "JVNDB", "id": "JVNDB-2014-002327" }, { "db": "NVD", "id": "CVE-2014-0088" }, { "db": "CNNVD", "id": "CNNVD-201404-576" } ] }, "id": "VAR-201404-0682", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-67581" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:09:25.139000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2014-0088", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" }, { "title": "nginx-1.5.11", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=49670" }, { "title": "nginx-1.5.11", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=49669" }, { "title": "Red Hat: CVE-2014-0088", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0088" }, { "title": "usn-search", "trust": 0.1, "url": "https://github.com/lukeber4/usn-search " }, { "title": "", "trust": 0.1, "url": "https://github.com/aravindb26/new.txt " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0088" }, { "db": "JVNDB", "id": "JVNDB-2014-002327" }, { "db": "CNNVD", "id": "CNNVD-201404-576" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-67581" }, { "db": "JVNDB", "id": "JVNDB-2014-002327" }, { "db": "NVD", "id": "CVE-2014-0088" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1030150" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0088" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0088" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33959" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-67581" }, { "db": "VULMON", "id": "CVE-2014-0088" }, { "db": "BID", "id": "67507" }, { "db": "JVNDB", "id": "JVNDB-2014-002327" }, { "db": "NVD", "id": "CVE-2014-0088" }, { "db": "CNNVD", "id": "CNNVD-201404-576" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-67581" }, { "db": "VULMON", "id": "CVE-2014-0088" }, { "db": "BID", "id": "67507" }, { "db": "JVNDB", "id": "JVNDB-2014-002327" }, { "db": "NVD", "id": "CVE-2014-0088" }, { "db": "CNNVD", "id": "CNNVD-201404-576" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-29T00:00:00", "db": "VULHUB", "id": "VHN-67581" }, { "date": "2014-04-29T00:00:00", "db": "VULMON", "id": "CVE-2014-0088" }, { "date": "2014-03-04T00:00:00", "db": "BID", "id": "67507" }, { "date": "2014-05-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002327" }, { "date": "2014-04-29T14:38:49.920000", "db": "NVD", "id": "CVE-2014-0088" }, { "date": "2014-04-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-576" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-67581" }, { "date": "2021-11-10T00:00:00", "db": "VULMON", "id": "CVE-2014-0088" }, { "date": "2014-03-04T00:00:00", "db": "BID", "id": "67507" }, { "date": "2014-05-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002327" }, { "date": "2021-11-10T15:59:33.673000", "db": "NVD", "id": "CVE-2014-0088" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-576" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-576" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of ngx_http_spdy_module Module SPDY Vulnerabilities in arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002327" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-576" } ], "trust": 0.6 } }
var-201606-0476
Vulnerability from variot
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. nginx 1.3.9 through 1.11.0 are vulnerable. A security vulnerability exists in the os/unix/ngx_files.c file of nginx versions prior to 1.10.1 and versions 1.11.x prior to 1.11.1. ========================================================================== Ubuntu Security Notice USN-2991-1 June 02, 2016
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
nginx could be made to crash if it received specially crafted network traffic.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: nginx-core 1.10.0-0ubuntu0.16.04.2 nginx-extras 1.10.0-0ubuntu0.16.04.2 nginx-full 1.10.0-0ubuntu0.16.04.2 nginx-light 1.10.0-0ubuntu0.16.04.2
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.2 nginx-extras 1.9.3-1ubuntu1.2 nginx-full 1.9.3-1ubuntu1.2 nginx-light 1.9.3-1ubuntu1.2
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.5 nginx-extras 1.4.6-1ubuntu3.5 nginx-full 1.4.6-1ubuntu3.5 nginx-light 1.4.6-1ubuntu3.5
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1). (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
For the stable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u2.
For the unstable distribution (sid), this problem has been fixed in version 1.10.1-1.
We recommend that you upgrade your nginx packages
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0476", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "8.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "1.11.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.3.9" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.11.1" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "15.10" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "16.04 lts" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "of 1.11.x" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "14.04 lts" }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "8.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.9.1" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.9" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.8.1" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.7.5" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.7.3" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.0.1" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.9.2" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "aspera shares", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "1.9.6" }, { "model": "aspera shares", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "1.9.4" } ], "sources": [ { "db": "BID", "id": "90967" }, { "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "db": "NVD", "id": "CVE-2016-4450" }, { "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.10.1", "versionStartIncluding": "1.3.9", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-4450" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "90967" } ], "trust": 0.3 }, "cve": "CVE-2016-4450", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-4450", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-93269", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-4450", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-4450", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201606-010", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-93269", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-93269" }, { "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "db": "NVD", "id": "CVE-2016-4450" }, { "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. \nnginx 1.3.9 through 1.11.0 are vulnerable. A security vulnerability exists in the os/unix/ngx_files.c file of nginx versions prior to 1.10.1 and versions 1.11.x prior to 1.11.1. ==========================================================================\nUbuntu Security Notice USN-2991-1\nJune 02, 2016\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to crash if it received specially crafted network\ntraffic. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n nginx-core 1.10.0-0ubuntu0.16.04.2\n nginx-extras 1.10.0-0ubuntu0.16.04.2\n nginx-full 1.10.0-0ubuntu0.16.04.2\n nginx-light 1.10.0-0ubuntu0.16.04.2\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.2\n nginx-extras 1.9.3-1ubuntu1.2\n nginx-full 1.9.3-1ubuntu1.2\n nginx-light 1.9.3-1ubuntu1.2\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.5\n nginx-extras 1.4.6-1ubuntu3.5\n nginx-full 1.4.6-1ubuntu3.5\n nginx-light 1.4.6-1ubuntu3.5\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. An\nattacker able to manipulate DNS responses received by nginx could use this\nflaw to cause a worker process to crash if nginx enabled the resolver in\nits configuration. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. An attacker able to manipulate DNS responses received by nginx\ncould use this flaw to cause a worker process to crash or, possibly,\nexecute arbitrary code if nginx enabled the resolver in its configuration. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. An attacker able to manipulate DNS responses received by nginx\ncould use this flaw to cause a worker process to use an excessive amount of\nresources if nginx enabled the resolver in its configuration. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.6.2-5+deb8u2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1-1. \n\nWe recommend that you upgrade your nginx packages", "sources": [ { "db": "NVD", "id": "CVE-2016-4450" }, { "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "db": "BID", "id": "90967" }, { "db": "VULHUB", "id": "VHN-93269" }, { "db": "PACKETSTORM", "id": "137296" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "137286" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-4450", "trust": 3.2 }, { "db": "BID", "id": "90967", "trust": 2.0 }, { "db": "SECTRACK", "id": "1036019", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2016-003032", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201606-010", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1717", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "137286", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "137296", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-93269", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137908", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137518", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-93269" }, { "db": "BID", "id": "90967" }, { "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "db": "PACKETSTORM", "id": "137296" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "137286" }, { "db": "NVD", "id": "CVE-2016-4450" }, { "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "id": "VAR-201606-0476", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-93269" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:30:05.930000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-3592", "trust": 0.8, "url": "http://www.debian.org/security/2016/dsa-3592" }, { "title": "USN-2991-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2991-1/" }, { "title": "CVE-2016-4450", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" }, { "title": "nginx Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=62036" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-93269" }, { "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "db": "NVD", "id": "CVE-2016-4450" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201606-06" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2016:1425" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2991-1" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/90967" }, { "trust": 1.7, "url": "http://www.debian.org/security/2016/dsa-3592" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1036019" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4450" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4450" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1717/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341462" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.5" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.2" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0742" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0747" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0746" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4450" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" } ], "sources": [ { "db": "VULHUB", "id": "VHN-93269" }, { "db": "BID", "id": "90967" }, { "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "db": "PACKETSTORM", "id": "137296" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "137286" }, { "db": "NVD", "id": "CVE-2016-4450" }, { "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-93269" }, { "db": "BID", "id": "90967" }, { "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "db": "PACKETSTORM", "id": "137296" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "137286" }, { "db": "NVD", "id": "CVE-2016-4450" }, { "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-06-07T00:00:00", "db": "VULHUB", "id": "VHN-93269" }, { "date": "2016-05-31T00:00:00", "db": "BID", "id": "90967" }, { "date": "2016-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "date": "2016-06-02T16:24:00", "db": "PACKETSTORM", "id": "137296" }, { "date": "2016-07-14T20:08:00", "db": "PACKETSTORM", "id": "137908" }, { "date": "2016-06-17T23:50:23", "db": "PACKETSTORM", "id": "137518" }, { "date": "2016-06-01T23:31:23", "db": "PACKETSTORM", "id": "137286" }, { "date": "2016-06-07T14:06:14.200000", "db": "NVD", "id": "CVE-2016-4450" }, { "date": "2016-06-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-93269" }, { "date": "2016-10-26T00:19:00", "db": "BID", "id": "90967" }, { "date": "2016-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "date": "2021-11-10T16:00:48.823000", "db": "NVD", "id": "CVE-2016-4450" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "137296" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "CNNVD", "id": "CNNVD-201606-010" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of os/unix/ngx_files.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003032" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201606-010" } ], "trust": 0.6 } }
var-201908-0421
Vulnerability from variot
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx114-nginx security update Advisory ID: RHSA-2019:2775-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2775 Issue date: 2019-09-16 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:
An update for rh-nginx114-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
-
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx114-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm
aarch64: rh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm
aarch64: rh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXYD0u9zjgjWX9erEAQh90w/7BWdh3Jxs9cP+P0kgwkv3Y0BLGblHx0B4 3BkFoa4B+/k2xrCOl+vy6cPip7PY7KVemOfv6g3BYlqAISOxU2lSjScEMwhdrh4g 2Ng7xkoUOoQ0KfXmVzMayVUkRwgam+utdacHnNgdGdYPwhCmticW0n5PfNakMOb6 CCmUZ91tfV7orMPiH+f1nBIulXok4zcOzdvZElSh97dmQcjoi+T5EoqbcFY8n5Ck Y+COohJ3X026oab73Tr2Kayju43TJGUdNR8lVmap4H8QkXqvbTrjd2YqXj8Zg7qr oNh7J2jnRec01+rYG8sL225+ZrdTtZ6c7kXQpUDh+jkjDImfJZz38HkI5/mRU+iS VSqP5PAhKvYlOXvIGIOoWtMXLDmnuzVEo/E/tScHc85Mp+6B5yM5r93dTGuRfjo1 yvSIftS3y7A8NtP7oJvpvVhcVAyc024X124PtojSoL+s5K60jzy06rky4WxIy0uh kqK1W/SowueKFreJjBo4N6ZZ6rjBZ8okZKqWjRCi56szhP3KJ4+563g5VfltLsd5 YqN9li8tUNzjrehVkZKEKfv6RkEQUuAbyAEVL6yFzVk3lTf1SgjlQhCNedWmD6N7 aeVU/tMNw4gMXXtmLPObL54HNUNgM799BLVzzna+wofr2iT7nnUZakCsfn+jHYk7 3Z3oFnpnL5o=L5z9 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - GSS Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - GSS Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - GSS Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - GSS Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - GSS Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - GSS Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - GSS Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - GSS Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - GSS Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - GSS Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - GSS Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8 JBEAP-17631 - GSS Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - GSS Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - GSS Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - GSS Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1
For the oldstable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u3.
For the stable distribution (buster), these problems have been fixed in version 1.14.2-2+deb10u1.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1e7q4ACgkQEMKTtsN8 TjanPg/+JLLuKVdUDpVPFNkX1ckmT5gsoCwzGz3ybhcDMxbf7jD8jtmXFiGFn4fP MXsx6MgrRZn3hq+2VF6MKZjKh9n1hBX38PkqjHKEtV6Xzor97xxLH0rrMlBMEQ7y rz96YTffJfcj+ykI3Vlye1GGDEiKyu0vWgoutXH3i8GUYFyDk//HQdI0eJLQhkfo TMRdbAKmMGeMt/8tSz4G0wewdxc9xjNwE1lKkV22JbT6t656f5QtvOLxt2HvM5c4 gFtFFBv7e1ymh0CKz4VxOxjEH+4ogx5HfzcYP2LjaZJsCFOw8ZUbdieFhlF0R2jH vskBuYLPa/djYHoZ55KY/WTmTsn72y7ZEuQcAdiHRVjg6wRFaum/KkdwutBBCeEj odvrGUcgdLLx4uAC7JOt9HME77Rgu1wTnx3l9L3QCwxIXpHqL8zOuSrSKYDuntDT agQ/awapEYYK5IAgo7YGkhHHHbTSLQ2UX9KfmyoPXJ+H9Vl/XjGhPwdDSEYNqrE9 IKQ8gaFCVOgjJo8lTa5NBsvxa08Gh6jQGZo8Rgfjs4KvUS847Cpb086BvU9pMs36 46+cLbkJ2jkfMLd4slZ5Gf2wkagUJmeZD5O7bY90Szs/IUOJez0LWaN3l7VSMtvY a3a/Y53cX1QYt60eiE6x/ifraOHzcsJglrUNmK8VPfJ9tSTFhWY=+ZOE -----END PGP SIGNATURE----- . The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/
- Bugs fixed (https://bugzilla.redhat.com/):
1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources. 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db. 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1798524 - CVE-2019-20444 netty: HTTP request smuggling 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms
- Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update). Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. 7) - noarch, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3). ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024
nghttp2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in nghttp2.
Software Description: - nghttp2: HTTP/2 C Library and tools
Details:
It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)
It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)
It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2
Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2
Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0421", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.1.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.7.2.0" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "7.7.2.24" }, { "model": "vs960hd", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "8.16.1" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.12.0" }, { "model": "openshift service mesh", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "software collections", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2.0" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "8.2.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.17.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.0.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.13.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.17.2" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "8.0.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.0.0" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.0" }, { "model": "diskstation manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "6.2" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "12.8.1" }, { "model": "swiftnio", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "1.4.0" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "7.0.0" }, { "model": "quay", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jboss core services", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "7.1.6" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "8.1.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "10.16.3" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.5" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "8.0.3" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "30" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "7.8.2.13" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "skynas", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.16.1" }, { "model": "swiftnio", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "1.0.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.8.2.0" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "8.8.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "19.04" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "6.2.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "akamai", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "amazon", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache traffic server", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cloudflare", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "envoy", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "facebook", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "go programming language", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "litespeed", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "netty", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "node js", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "twisted", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "grpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nghttp2", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nginx", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "NVD", "id": "CVE-2019-9511" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.4.0", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "10.12", "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "14.04", "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.3", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.1.6", "versionStartIncluding": "7.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.3", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.7.2.24", "versionStartIncluding": "7.7.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.8.2.13", "versionStartIncluding": "7.8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.2.0", "versionStartIncluding": "8.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.16.1", "versionStartIncluding": "1.9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.17.2", "versionStartIncluding": "1.17.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "10.12.0", "versionStartIncluding": "10.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "12.8.1", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "10.16.3", "versionStartIncluding": "10.13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "8.16.1", "versionStartIncluding": "8.9.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-9511" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "154510" }, { "db": "PACKETSTORM", "id": "155479" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "154693" } ], "trust": 0.6 }, "cve": "CVE-2019-9511", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-160946", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cret@cert.org", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-9511", "trust": 1.0, "value": "HIGH" }, { "author": "cret@cert.org", "id": "CVE-2019-9511", "trust": 1.0, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-160946", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-160946" }, { "db": "NVD", "id": "CVE-2019-9511" }, { "db": "NVD", "id": "CVE-2019-9511" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx114-nginx security update\nAdvisory ID: RHSA-2019:2775-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2775\nIssue date: 2019-09-16\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx114-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx114-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXYD0u9zjgjWX9erEAQh90w/7BWdh3Jxs9cP+P0kgwkv3Y0BLGblHx0B4\n3BkFoa4B+/k2xrCOl+vy6cPip7PY7KVemOfv6g3BYlqAISOxU2lSjScEMwhdrh4g\n2Ng7xkoUOoQ0KfXmVzMayVUkRwgam+utdacHnNgdGdYPwhCmticW0n5PfNakMOb6\nCCmUZ91tfV7orMPiH+f1nBIulXok4zcOzdvZElSh97dmQcjoi+T5EoqbcFY8n5Ck\nY+COohJ3X026oab73Tr2Kayju43TJGUdNR8lVmap4H8QkXqvbTrjd2YqXj8Zg7qr\noNh7J2jnRec01+rYG8sL225+ZrdTtZ6c7kXQpUDh+jkjDImfJZz38HkI5/mRU+iS\nVSqP5PAhKvYlOXvIGIOoWtMXLDmnuzVEo/E/tScHc85Mp+6B5yM5r93dTGuRfjo1\nyvSIftS3y7A8NtP7oJvpvVhcVAyc024X124PtojSoL+s5K60jzy06rky4WxIy0uh\nkqK1W/SowueKFreJjBo4N6ZZ6rjBZ8okZKqWjRCi56szhP3KJ4+563g5VfltLsd5\nYqN9li8tUNzjrehVkZKEKfv6RkEQUuAbyAEVL6yFzVk3lTf1SgjlQhCNedWmD6N7\naeVU/tMNw4gMXXtmLPObL54HNUNgM799BLVzzna+wofr2iT7nnUZakCsfn+jHYk7\n3Z3oFnpnL5o=L5z9\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5\nJBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11\nJBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7\nJBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final\nJBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final\nJBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10\nJBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13\nJBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005\nJBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17\nJBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final\nJBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001\nJBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17\nJBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11\nJBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003\nJBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8\nJBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3\nJBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final\nJBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final\nJBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final\nJBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8\nJBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1\n\n7. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1.10.3-1+deb9u3. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.14.2-2+deb10u1. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1e7q4ACgkQEMKTtsN8\nTjanPg/+JLLuKVdUDpVPFNkX1ckmT5gsoCwzGz3ybhcDMxbf7jD8jtmXFiGFn4fP\nMXsx6MgrRZn3hq+2VF6MKZjKh9n1hBX38PkqjHKEtV6Xzor97xxLH0rrMlBMEQ7y\nrz96YTffJfcj+ykI3Vlye1GGDEiKyu0vWgoutXH3i8GUYFyDk//HQdI0eJLQhkfo\nTMRdbAKmMGeMt/8tSz4G0wewdxc9xjNwE1lKkV22JbT6t656f5QtvOLxt2HvM5c4\ngFtFFBv7e1ymh0CKz4VxOxjEH+4ogx5HfzcYP2LjaZJsCFOw8ZUbdieFhlF0R2jH\nvskBuYLPa/djYHoZ55KY/WTmTsn72y7ZEuQcAdiHRVjg6wRFaum/KkdwutBBCeEj\nodvrGUcgdLLx4uAC7JOt9HME77Rgu1wTnx3l9L3QCwxIXpHqL8zOuSrSKYDuntDT\nagQ/awapEYYK5IAgo7YGkhHHHbTSLQ2UX9KfmyoPXJ+H9Vl/XjGhPwdDSEYNqrE9\nIKQ8gaFCVOgjJo8lTa5NBsvxa08Gh6jQGZo8Rgfjs4KvUS847Cpb086BvU9pMs36\n46+cLbkJ2jkfMLd4slZ5Gf2wkagUJmeZD5O7bY90Szs/IUOJez0LWaN3l7VSMtvY\na3a/Y53cX1QYt60eiE6x/ifraOHzcsJglrUNmK8VPfJ9tSTFhWY=+ZOE\n-----END PGP SIGNATURE-----\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. \n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1798524 - CVE-2019-20444 netty: HTTP request smuggling\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n\n5. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs10-nodejs (10.16.3). ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n libnghttp2-14 1.55.1-1ubuntu0.2\n nghttp2 1.55.1-1ubuntu0.2\n nghttp2-client 1.55.1-1ubuntu0.2\n nghttp2-proxy 1.55.1-1ubuntu0.2\n nghttp2-server 1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n libnghttp2-14 1.43.0-1ubuntu0.2\n nghttp2 1.43.0-1ubuntu0.2\n nghttp2-client 1.43.0-1ubuntu0.2\n nghttp2-proxy 1.43.0-1ubuntu0.2\n nghttp2-server 1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n libnghttp2-14 1.40.0-1ubuntu0.3\n nghttp2 1.40.0-1ubuntu0.3\n nghttp2-client 1.40.0-1ubuntu0.3\n nghttp2-proxy 1.40.0-1ubuntu0.3\n nghttp2-server 1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.30.0-1ubuntu1+esm2\n nghttp2 1.30.0-1ubuntu1+esm2\n nghttp2-client 1.30.0-1ubuntu1+esm2\n nghttp2-proxy 1.30.0-1ubuntu1+esm2\n nghttp2-server 1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.7.1-1ubuntu0.1~esm2\n nghttp2 1.7.1-1ubuntu0.1~esm2\n nghttp2-client 1.7.1-1ubuntu0.1~esm2\n nghttp2-proxy 1.7.1-1ubuntu0.1~esm2\n nghttp2-server 1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2019-9511" }, { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160946" }, { "db": "PACKETSTORM", "id": "154510" }, { "db": "PACKETSTORM", "id": "155479" }, { "db": "PACKETSTORM", "id": "154190" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "PACKETSTORM", "id": "168812" }, { "db": "PACKETSTORM", "id": "178284" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-9511", "trust": 2.0 }, { "db": "CERT/CC", "id": "VU#605641", "trust": 1.9 }, { "db": "MCAFEE", "id": "SB10296", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "154693", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "154510", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "154190", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "154725", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154284", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154401", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154712", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154117", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154663", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154471", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154699", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154533", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154470", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154848", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-201908-924", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-160946", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155479", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157214", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155416", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168812", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "178284", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160946" }, { "db": "PACKETSTORM", "id": "154510" }, { "db": "PACKETSTORM", "id": "155479" }, { "db": "PACKETSTORM", "id": "154190" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "PACKETSTORM", "id": "168812" }, { "db": "PACKETSTORM", "id": "178284" }, { "db": "NVD", "id": "CVE-2019-9511" } ] }, "id": "VAR-201908-0421", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-160946" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:49:30.261000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.1 }, { "problemtype": "CWE-400", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160946" }, { "db": "NVD", "id": "CVE-2019-9511" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "trust": 1.9, "url": "https://www.synology.com/security/advisory/synology_sa_19_33" }, { "trust": 1.6, "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2019:2775" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2019:2939" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2019:3933" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2019:4020" }, { "trust": 1.1, "url": "https://seclists.org/bugtraq/2019/aug/40" }, { "trust": 1.1, "url": "https://seclists.org/bugtraq/2019/sep/1" }, { "trust": 1.1, "url": "https://kb.cert.org/vuls/id/605641/" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k02591030" }, { "trust": 1.1, "url": "https://www.debian.org/security/2019/dsa-4505" }, { "trust": 1.1, "url": "https://www.debian.org/security/2019/dsa-4511" }, { "trust": 1.1, "url": "https://www.debian.org/security/2020/dsa-4669" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:2692" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:2745" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:2746" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:2799" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:2925" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:2949" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:2955" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:2966" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:3041" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:3932" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:3935" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:4018" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:4019" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:4021" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/4099-1/" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/" }, { "trust": 1.0, "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.8, "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752" }, { "trust": 0.8, "url": "https://tools.ietf.org/html/rfc7540" }, { "trust": 0.8, "url": "https://tools.ietf.org/html/rfc7541" }, { "trust": 0.8, "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/" }, { "trust": 0.8, "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/" }, { "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9516" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9513" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9517" }, { "trust": 0.2, "url": "https://www.debian.org/security/faq" }, { "trust": 0.2, "url": "https://www.debian.org/security/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1445" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10247" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10241" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-0737" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-17199" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-17189" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-0734" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nodejs" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15606" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15604" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15605" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-6754-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182" } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160946" }, { "db": "PACKETSTORM", "id": "154510" }, { "db": "PACKETSTORM", "id": "155479" }, { "db": "PACKETSTORM", "id": "154190" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "PACKETSTORM", "id": "168812" }, { "db": "PACKETSTORM", "id": "178284" }, { "db": "NVD", "id": "CVE-2019-9511" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160946" }, { "db": "PACKETSTORM", "id": "154510" }, { "db": "PACKETSTORM", "id": "155479" }, { "db": "PACKETSTORM", "id": "154190" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "PACKETSTORM", "id": "168812" }, { "db": "PACKETSTORM", "id": "178284" }, { "db": "NVD", "id": "CVE-2019-9511" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-13T00:00:00", "db": "CERT/CC", "id": "VU#605641" }, { "date": "2019-08-13T00:00:00", "db": "VULHUB", "id": "VHN-160946" }, { "date": "2019-09-17T20:58:22", "db": "PACKETSTORM", "id": "154510" }, { "date": "2019-11-27T15:37:53", "db": "PACKETSTORM", "id": "155479" }, { "date": "2019-08-22T20:20:23", "db": "PACKETSTORM", "id": "154190" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-04-14T15:39:41", "db": "PACKETSTORM", "id": "157214" }, { "date": "2019-11-20T20:55:55", "db": "PACKETSTORM", "id": "155416" }, { "date": "2019-09-30T22:22:22", "db": "PACKETSTORM", "id": "154693" }, { "date": "2020-04-28T19:12:00", "db": "PACKETSTORM", "id": "168812" }, { "date": "2024-04-26T15:13:40", "db": "PACKETSTORM", "id": "178284" }, { "date": "2019-08-13T21:15:12.223000", "db": "NVD", "id": "CVE-2019-9511" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-19T00:00:00", "db": "CERT/CC", "id": "VU#605641" }, { "date": "2020-10-22T00:00:00", "db": "VULHUB", "id": "VHN-160946" }, { "date": "2023-11-07T03:13:41.610000", "db": "NVD", "id": "CVE-2019-9511" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "178284" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion", "sources": [ { "db": "CERT/CC", "id": "VU#605641" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157214" } ], "trust": 0.2 } }
var-201403-0548
Vulnerability from variot
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. nginx is prone to a heap-based buffer-overflow vulnerability. Successful exploitation of this issue allow an attacker to execute arbitrary code in the context of the application, failed exploit attempts may lead to denial-of-service. nginx 1.3.15 through 1.4.7 and 1.5.0 through 1.5.12 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-20
http://security.gentoo.org/
Severity: Normal Title: nginx: Arbitrary code execution Date: June 22, 2014 Bugs: #505018 ID: 201406-20
Synopsis
A vulnerability has been found in nginx which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server. The SPDY implementation is not enabled in default configurations.
Workaround
Disable the spdy module in NGINX_MODULES_HTTP.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.7"
References
[ 1 ] CVE-2014-0133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-20.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position (CVE-2014-3616).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616 http://advisories.mageia.org/MGASA-2014-0136.html http://advisories.mageia.org/MGASA-2014-0427.html
Updated Packages:
Mandriva Business Server 2/X86_64: f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFnUlmqjQ0CJFipgRAvneAJ0evtNmMhS+lWltq9051wHRR6vuDgCg3BW0 x8jC+tKifZWs8shTG2EYzgo= =oIRY -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0548", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "opensuse", "scope": "eq", "trust": 1.4, "vendor": "novell", "version": "13.1" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.3.15" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.5.11" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.4.7" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.5.0" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.5.12" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.5.x" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.4.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null } ], "sources": [ { "db": "BID", "id": "66537" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.7", "versionStartIncluding": "1.3.15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.5.11", "versionStartIncluding": "1.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0133" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lucas Molas", "sources": [ { "db": "BID", "id": "66537" } ], "trust": 0.3 }, "cve": "CVE-2014-0133", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-0133", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-67626", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0133", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0133", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201403-536", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-67626", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-67626" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. nginx is prone to a heap-based buffer-overflow vulnerability. \nSuccessful exploitation of this issue allow an attacker to execute arbitrary code in the context of the application, failed exploit attempts may lead to denial-of-service. \nnginx 1.3.15 through 1.4.7 and 1.5.0 through 1.5.12 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201406-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Arbitrary code execution\n Date: June 22, 2014\n Bugs: #505018\n ID: 201406-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been found in nginx which may allow execution of\narbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. The SPDY implementation is not enabled in default\nconfigurations. \n\nWorkaround\n==========\n\nDisable the spdy module in NGINX_MODULES_HTTP. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0133\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-20.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\n it was possible to reuse cached SSL sessions in unrelated contexts,\n allowing virtual host confusion attacks in some configurations by an\n attacker in a privileged network position (CVE-2014-3616). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616\n http://advisories.mageia.org/MGASA-2014-0136.html\n http://advisories.mageia.org/MGASA-2014-0427.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm \n 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFnUlmqjQ0CJFipgRAvneAJ0evtNmMhS+lWltq9051wHRR6vuDgCg3BW0\nx8jC+tKifZWs8shTG2EYzgo=\n=oIRY\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "BID", "id": "66537" }, { "db": "VULHUB", "id": "VHN-67626" }, { "db": "PACKETSTORM", "id": "127175" }, { "db": "PACKETSTORM", "id": "131099" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0133", "trust": 3.0 }, { "db": "BID", "id": "66537", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2014-001833", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201403-536", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "127175", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "131099", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-67626", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-67626" }, { "db": "BID", "id": "66537" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "PACKETSTORM", "id": "127175" }, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "id": "VAR-201403-0548", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-67626" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:51:48.213000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "openSUSE-SU-2014:0450", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html" }, { "title": "CVE-2014-0133", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" }, { "title": "nginx-1.4.7-3.9.1.x86_64", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48927" }, { "title": "nginx-1.4.7-3.9.1.src", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48926" }, { "title": "nginx-1.5.12", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48924" }, { "title": "nginx-1.4.7", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48923" }, { "title": "nginx-1.4.7", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48922" }, { "title": "nginx-1.5.12", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48925" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-67626" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "NVD", "id": "CVE-2014-0133" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/66537" }, { "trust": 1.7, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0133" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0133" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0133" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201406-20.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0133" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0136.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3616" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0427.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3616" } ], "sources": [ { "db": "VULHUB", "id": "VHN-67626" }, { "db": "BID", "id": "66537" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "PACKETSTORM", "id": "127175" }, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-67626" }, { "db": "BID", "id": "66537" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "PACKETSTORM", "id": "127175" }, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-03-28T00:00:00", "db": "VULHUB", "id": "VHN-67626" }, { "date": "2014-03-18T00:00:00", "db": "BID", "id": "66537" }, { "date": "2014-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "date": "2014-06-24T00:56:14", "db": "PACKETSTORM", "id": "127175" }, { "date": "2015-03-30T21:26:01", "db": "PACKETSTORM", "id": "131099" }, { "date": "2014-03-28T15:55:08.607000", "db": "NVD", "id": "CVE-2014-0133" }, { "date": "2014-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-67626" }, { "date": "2014-06-23T06:45:00", "db": "BID", "id": "66537" }, { "date": "2014-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "date": "2021-11-10T15:59:33.583000", "db": "NVD", "id": "CVE-2014-0133" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201403-536" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of SPDY Implementation of heap-based buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001833" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201403-536" } ], "trust": 0.6 } }
var-201412-0611
Vulnerability from variot
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy a third party with certain rights, Virtual Host Confusion An attack may be executed. nginx is prone to a session-fixation vulnerability. An attacker can exploit this issue to hijack an arbitrary session or gain access to the sensitive information. This may aid in further attacks. nginx 0.5.6 through 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy3.
For the testing distribution (jessie), this problem has been fixed in version 1.6.2-1.
For the unstable distribution (sid), this problem has been fixed in version 1.6.2-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJUHRscAAoJEAVMuPMTQ89EGuUP/iedSRE21l/sSyJRUxP5GIoC GjKzrIsbFFDHY9gKH0JUJbVc5ayeEciHLWY7cY119Rlim6/IPpd4T246y4QzPyYd W0tI7eAmmg2zOjCIafubvLHii+FYQ93xSn6Y09CEL9XiHmVxDHS/uDdCBcQKhKaI rXaVc+VAg+I396RcyE6houS1GTPoUmkhJkMKOu4HCutx6foXjT78wLFJEiFLAy9I vVPhZ1+En1PqaJgqry8FEwkreiNF+Lzjb1VLpQzvNzi21uRhz3sPDCy6Y2nkMEhV 4fdYZJKEJGHWC/cdZXCwu5T4lnAZWSB7QYa26yiaUraWO9SrqJw20HgN1YnuGTFf YbeG3qdhMjEYVsdyi0VARtw3yZXfy122/yE0vvaYv0HKFp4Nrzm/5NBysuO+Zcg2 zt422dH9O0bLasJp6lm3tcSzGkfME7Fz63X6/CNupzoFnXcVP+IQpEHYD53+S1mf 3CUPp8sFxauuWuCpMb7hbD8hzYzrPRxB6cRsdAoKxSqTUn+dPOZRFp84tRuW0U5c mBs7DfmfWnnscmTJ/gUbeES+Ac8Tfbrr1Rsz12vAs7onuXxHHH/NSihtsLGYQ17N xzgGSXfgAfnky2J5ZkTOTVE+LvKkoWQX3cq8a+t5JaZjGJZinDkU5CSTOyik80Nr dGeskBuPPhZC1qYrJkyI =XURr -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2351-1 September 22, 2014
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
nginx could be made to expose sensitive information over the network.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.1 nginx-extras 1.4.6-1ubuntu3.1 nginx-full 1.4.6-1ubuntu3.1 nginx-light 1.4.6-1ubuntu3.1 nginx-naxsi 1.4.6-1ubuntu3.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2351-1 CVE-2014-3616
Package Information: https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201502-06
http://security.gentoo.org/
Severity: Normal Title: nginx: Information disclosure Date: February 07, 2015 Bugs: #522994 ID: 201502-06
Synopsis
An SSL session fixation vulnerability in nginx may allow remote attackers to obtain sensitive information.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.7.6"
References
[ 1 ] CVE-2014-3616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3616
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616 http://advisories.mageia.org/MGASA-2014-0136.html http://advisories.mageia.org/MGASA-2014-0427.html
Updated Packages:
Mandriva Business Server 2/X86_64: f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0611", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.7.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.5.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.6.2" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.7.5" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.5.6 to 1.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.7.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.7.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.7.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.7.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.13" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.1.17" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.10" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.9" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.8" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.40" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.36" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.35" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.33" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.15" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.66" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.65" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.64" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.62" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.39" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.38" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.36" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.1.19" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.15" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" } ], "sources": [ { "db": "BID", "id": "70025" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.2", "versionStartIncluding": "0.5.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.5", "versionStartIncluding": "1.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3616" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Antoine Delignat-Lavaud and Karthikeyan Bhargavan", "sources": [ { "db": "BID", "id": "70025" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ], "trust": 0.9 }, "cve": "CVE-2014-3616", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-3616", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-71556", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3616", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201410-1268", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-71556", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3616", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-71556" }, { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy a third party with certain rights, Virtual Host Confusion An attack may be executed. nginx is prone to a session-fixation vulnerability. \nAn attacker can exploit this issue to hijack an arbitrary session or gain access to the sensitive information. This may aid in further attacks. \nnginx 0.5.6 through 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy3. \n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.6.2-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.2-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCgAGBQJUHRscAAoJEAVMuPMTQ89EGuUP/iedSRE21l/sSyJRUxP5GIoC\nGjKzrIsbFFDHY9gKH0JUJbVc5ayeEciHLWY7cY119Rlim6/IPpd4T246y4QzPyYd\nW0tI7eAmmg2zOjCIafubvLHii+FYQ93xSn6Y09CEL9XiHmVxDHS/uDdCBcQKhKaI\nrXaVc+VAg+I396RcyE6houS1GTPoUmkhJkMKOu4HCutx6foXjT78wLFJEiFLAy9I\nvVPhZ1+En1PqaJgqry8FEwkreiNF+Lzjb1VLpQzvNzi21uRhz3sPDCy6Y2nkMEhV\n4fdYZJKEJGHWC/cdZXCwu5T4lnAZWSB7QYa26yiaUraWO9SrqJw20HgN1YnuGTFf\nYbeG3qdhMjEYVsdyi0VARtw3yZXfy122/yE0vvaYv0HKFp4Nrzm/5NBysuO+Zcg2\nzt422dH9O0bLasJp6lm3tcSzGkfME7Fz63X6/CNupzoFnXcVP+IQpEHYD53+S1mf\n3CUPp8sFxauuWuCpMb7hbD8hzYzrPRxB6cRsdAoKxSqTUn+dPOZRFp84tRuW0U5c\nmBs7DfmfWnnscmTJ/gUbeES+Ac8Tfbrr1Rsz12vAs7onuXxHHH/NSihtsLGYQ17N\nxzgGSXfgAfnky2J5ZkTOTVE+LvKkoWQX3cq8a+t5JaZjGJZinDkU5CSTOyik80Nr\ndGeskBuPPhZC1qYrJkyI\n=XURr\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2351-1\nSeptember 22, 2014\n\nnginx vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to expose sensitive information over the network. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.1\n nginx-extras 1.4.6-1ubuntu3.1\n nginx-full 1.4.6-1ubuntu3.1\n nginx-light 1.4.6-1ubuntu3.1\n nginx-naxsi 1.4.6-1ubuntu3.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2351-1\n CVE-2014-3616\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201502-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Information disclosure\n Date: February 07, 2015\n Bugs: #522994\n ID: 201502-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nAn SSL session fixation vulnerability in nginx may allow remote\nattackers to obtain sensitive information. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.7.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-3616\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3616\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201502-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616\n http://advisories.mageia.org/MGASA-2014-0136.html\n http://advisories.mageia.org/MGASA-2014-0427.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm \n 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security", "sources": [ { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "BID", "id": "70025" }, { "db": "VULHUB", "id": "VHN-71556" }, { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "PACKETSTORM", "id": "128332" }, { "db": "PACKETSTORM", "id": "128328" }, { "db": "PACKETSTORM", "id": "130278" }, { "db": "PACKETSTORM", "id": "131099" } ], "trust": 2.43 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-71556", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71556" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3616", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2014-005829", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201410-1268", "trust": 0.7 }, { "db": "BID", "id": "70025", "trust": 0.5 }, { "db": "PACKETSTORM", "id": "128332", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "130278", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "128328", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-89321", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-71556", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-3616", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131099", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71556" }, { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "BID", "id": "70025" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "PACKETSTORM", "id": "128332" }, { "db": "PACKETSTORM", "id": "128328" }, { "db": "PACKETSTORM", "id": "130278" }, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "id": "VAR-201412-0611", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-71556" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:51:48.251000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-3029", "trust": 0.8, "url": "http://www.debian.org/security/2014/dsa-3029" }, { "title": "CVE-2014-3616", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html" }, { "title": "nginx-1.7.5", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=55253" }, { "title": "nginx-1.7.5", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=55252" }, { "title": "Ubuntu Security Notice: nginx vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2351-1" }, { "title": "Debian Security Advisories: DSA-3029-1 nginx -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3dd41a089230b0ac4671d1b4ec4d3881" }, { "title": "Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=703629f55868e4fc7623e469fe23486b" }, { "title": "Amazon Linux AMI: ALAS-2014-421", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-421" }, { "title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-613", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 }, { "problemtype": "CWE-284", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71556" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "NVD", "id": "CVE-2014-3616" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.debian.org/security/2014/dsa-3029" }, { "trust": 1.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3616" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3616" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3616" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/613.html" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2351-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/70025" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2351-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201502-06.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3616" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0136.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0133" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0427.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0133" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71556" }, { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "BID", "id": "70025" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "PACKETSTORM", "id": "128332" }, { "db": "PACKETSTORM", "id": "128328" }, { "db": "PACKETSTORM", "id": "130278" }, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-71556" }, { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "BID", "id": "70025" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "PACKETSTORM", "id": "128332" }, { "db": "PACKETSTORM", "id": "128328" }, { "db": "PACKETSTORM", "id": "130278" }, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-08T00:00:00", "db": "VULHUB", "id": "VHN-71556" }, { "date": "2014-12-08T00:00:00", "db": "VULMON", "id": "CVE-2014-3616" }, { "date": "2014-08-06T00:00:00", "db": "BID", "id": "70025" }, { "date": "2014-12-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "date": "2014-09-22T20:19:12", "db": "PACKETSTORM", "id": "128332" }, { "date": "2014-09-22T20:18:28", "db": "PACKETSTORM", "id": "128328" }, { "date": "2015-02-09T17:00:47", "db": "PACKETSTORM", "id": "130278" }, { "date": "2015-03-30T21:26:01", "db": "PACKETSTORM", "id": "131099" }, { "date": "2014-12-08T11:59:03.390000", "db": "NVD", "id": "CVE-2014-3616" }, { "date": "2014-08-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-71556" }, { "date": "2020-11-16T00:00:00", "db": "VULMON", "id": "CVE-2014-3616" }, { "date": "2015-04-13T21:39:00", "db": "BID", "id": "70025" }, { "date": "2014-12-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "date": "2021-11-10T15:59:33.287000", "db": "NVD", "id": "CVE-2014-3616" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "130278" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx In Virtual Host Confusion Attacked vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-005829" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201410-1268" } ], "trust": 0.6 } }
cve-2009-3898
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=oss-security&m=125897425223039&w=2 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2009/11/23/10 | mailing-list, x_refsource_MLIST | |
http://marc.info/?l=oss-security&m=125897327321676&w=2 | mailing-list, x_refsource_MLIST | |
http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html | mailing-list, x_refsource_FULLDISC | |
http://secunia.com/advisories/48577 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/36818 | third-party-advisory, x_refsource_SECUNIA | |
http://marc.info/?l=oss-security&m=125900327409842&w=2 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2009/11/20/1 | mailing-list, x_refsource_MLIST | |
http://security.gentoo.org/glsa/glsa-201203-22.xml | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:51.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=125897425223039\u0026w=2" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=125897327321676\u0026w=2" }, { "name": "20090923 nginx - low risk webdav destination bug", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48577" }, { "name": "36818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36818" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=125900327409842\u0026w=2" }, { "name": "[oss-security] 20091120 CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-09T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=125897425223039\u0026w=2" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=125897327321676\u0026w=2" }, { "name": "20090923 nginx - low risk webdav destination bug", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48577" }, { "name": "36818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36818" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=125900327409842\u0026w=2" }, { "name": "[oss-security] 20091120 CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-3898", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20091123 Re: CVEs for nginx", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=125897425223039\u0026w=2" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=125897327321676\u0026w=2" }, { "name": "20090923 nginx - low risk webdav destination bug", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html" }, { "name": "48577", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48577" }, { "name": "36818", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36818" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=125900327409842\u0026w=2" }, { "name": "[oss-security] 20091120 CVEs for nginx", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "GLSA-201203-22", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3898", "datePublished": "2009-11-24T17:00:00", "dateReserved": "2009-11-05T00:00:00", "dateUpdated": "2024-08-07T06:45:51.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41741
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
F5 | NGINX | |
F5 | NGINX Plus | |
F5 | NGINX Open Source Subscription |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.730Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.f5.com/csp/article/K81926432" }, { "name": "FEDORA-2022-b0f5bc2175", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/" }, { "name": "FEDORA-2022-97de53f202", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/" }, { "name": "FEDORA-2022-12721789aa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/" }, { "name": "DSA-5281", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5281" }, { "name": "[debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230120-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NGINX", "vendor": "F5", "versions": [ { "lessThan": "1.23.2", "status": "affected", "version": "Mainline", "versionType": "custom" }, { "lessThan": "1.22.1", "status": "affected", "version": "Stable", "versionType": "custom" } ] }, { "product": "NGINX Plus", "vendor": "F5", "versions": [ { "lessThan": "R27-p1", "status": "affected", "version": "R27", "versionType": "custom" }, { "lessThan": "R26-p1", "status": "affected", "version": "R1", "versionType": "custom" } ] }, { "product": "NGINX Open Source Subscription", "vendor": "F5", "versions": [ { "lessThan": "R2 P1", "status": "affected", "version": "R2", "versionType": "custom" }, { "lessThan": "R1 P1", "status": "affected", "version": "R1", "versionType": "custom" } ] } ], "datePublic": "2022-10-19T00:00:00", "descriptions": [ { "lang": "en", "value": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-20T00:00:00", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5" }, "references": [ { "url": "https://support.f5.com/csp/article/K81926432" }, { "name": "FEDORA-2022-b0f5bc2175", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/" }, { "name": "FEDORA-2022-97de53f202", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/" }, { "name": "FEDORA-2022-12721789aa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/" }, { "name": "DSA-5281", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5281" }, { "name": "[debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230120-0005/" } ], "source": { "defect": [ "NWA-1396" ], "discovery": "EXTERNAL" }, "title": "NGINX ngx_http_mp4_module vulnerability CVE-2022-41741", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2022-41741", "datePublished": "2022-10-19T21:20:24.882506Z", "dateReserved": "2022-09-28T00:00:00", "dateUpdated": "2024-09-17T04:20:48.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3618
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:01:07.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623" }, { "tags": [ "x_transferred" ], "url": "https://alpaca-attack.com/" }, { "name": "[debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ALPACA", "vendor": "n/a", "versions": [ { "status": "affected", "version": "vsftpd 3.0.4, nginx 1.21.0, sendmail 8.17" } ] } ], "descriptions": [ { "lang": "en", "value": "ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim\u0027s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623" }, { "url": "https://alpaca-attack.com/" }, { "name": "[debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3618", "datePublished": "2022-03-23T00:00:00", "dateReserved": "2021-06-24T00:00:00", "dateUpdated": "2024-08-03T17:01:07.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-20372
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf | x_refsource_MISC | |
http://nginx.org/en/CHANGES | x_refsource_MISC | |
https://duo.com/docs/dng-notes#version-1.5.4-january-2020 | x_refsource_MISC | |
https://github.com/kubernetes/ingress-nginx/pull/4859 | x_refsource_MISC | |
https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4235-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/4235-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.netapp.com/advisory/ntap-20200127-0003/ | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html | vendor-advisory, x_refsource_SUSE | |
https://support.apple.com/kb/HT212818 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2021/Sep/36 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:39:09.206Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://nginx.org/en/CHANGES" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kubernetes/ingress-nginx/pull/4859" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e" }, { "name": "USN-4235-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4235-1/" }, { "name": "USN-4235-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4235-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200127-0003/" }, { "name": "openSUSE-SU-2020:0204", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-21T23:06:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "http://nginx.org/en/CHANGES" }, { "tags": [ "x_refsource_MISC" ], "url": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kubernetes/ingress-nginx/pull/4859" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e" }, { "name": "USN-4235-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4235-1/" }, { "name": "USN-4235-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4235-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200127-0003/" }, { "name": "openSUSE-SU-2020:0204", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20372", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf", "refsource": "MISC", "url": "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf" }, { "name": "http://nginx.org/en/CHANGES", "refsource": "MISC", "url": "http://nginx.org/en/CHANGES" }, { "name": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020", "refsource": "MISC", "url": "https://duo.com/docs/dng-notes#version-1.5.4-january-2020" }, { "name": "https://github.com/kubernetes/ingress-nginx/pull/4859", "refsource": "MISC", "url": "https://github.com/kubernetes/ingress-nginx/pull/4859" }, { "name": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e", "refsource": "CONFIRM", "url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e" }, { "name": "USN-4235-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4235-1/" }, { "name": "USN-4235-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4235-2/" }, { "name": "https://security.netapp.com/advisory/ntap-20200127-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200127-0003/" }, { "name": "openSUSE-SU-2020:0204", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html" }, { "name": "https://support.apple.com/kb/HT212818", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20372", "datePublished": "2020-01-09T20:05:38", "dateReserved": "2020-01-09T00:00:00", "dateUpdated": "2024-08-05T02:39:09.206Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-9516
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:54:44.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#605641", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://kb.cert.org/vuls/id/605641/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "name": "20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/24" }, { "name": "USN-4099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4099-1/" }, { "name": "20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/16" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K02591030" }, { "name": "FEDORA-2019-befd924cfe", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/" }, { "name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/40" }, { "name": "DSA-4505", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4505" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "name": "FEDORA-2019-5a6a7bc12c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/" }, { "name": "FEDORA-2019-6a2980de56", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/" }, { "name": "FEDORA-2019-4427fd65be", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/" }, { "name": "FEDORA-2019-63ba15cc83", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/" }, { "name": "FEDORA-2019-7a0b45fdc4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "openSUSE-SU-2019:2114", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "name": "openSUSE-SU-2019:2115", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296" }, { "name": "RHSA-2019:2745", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "name": "RHSA-2019:2746", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "name": "RHSA-2019:2775", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "name": "RHSA-2019:2799", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "name": "RHSA-2019:2925", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "name": "RHSA-2019:2939", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "name": "RHSA-2019:2946", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "name": "RHSA-2019:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2950" }, { "name": "RHSA-2019:2955", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "name": "RHSA-2019:2966", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "name": "openSUSE-SU-2019:2264", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "RHSA-2019:3933", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3935", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "FEDORA-2021-d5b2c18fe6", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "credits": [ { "lang": "en", "value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "value": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-16T02:06:09", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#605641", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://kb.cert.org/vuls/id/605641/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "name": "20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/24" }, { "name": "USN-4099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4099-1/" }, { "name": "20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Aug/16" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K02591030" }, { "name": "FEDORA-2019-befd924cfe", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/" }, { "name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/40" }, { "name": "DSA-4505", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4505" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "name": "FEDORA-2019-5a6a7bc12c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/" }, { "name": "FEDORA-2019-6a2980de56", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/" }, { "name": "FEDORA-2019-4427fd65be", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/" }, { "name": "FEDORA-2019-63ba15cc83", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/" }, { "name": "FEDORA-2019-7a0b45fdc4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "openSUSE-SU-2019:2114", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "name": "openSUSE-SU-2019:2115", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296" }, { "name": "RHSA-2019:2745", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "name": "RHSA-2019:2746", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "name": "RHSA-2019:2775", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "name": "RHSA-2019:2799", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "name": "RHSA-2019:2925", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "name": "RHSA-2019:2939", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "name": "RHSA-2019:2946", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "name": "RHSA-2019:2950", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2950" }, { "name": "RHSA-2019:2955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "name": "RHSA-2019:2966", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "name": "openSUSE-SU-2019:2264", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "RHSA-2019:3933", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3935", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "FEDORA-2021-d5b2c18fe6", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service", "x_generator": { "engine": "Vulnogram 0.0.7" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "HTTP/2 0-Length Headers Leak", "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9516", "STATE": "PUBLIC", "TITLE": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "credit": [ { "lang": "eng", "value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory." } ] }, "generator": { "engine": "Vulnogram 0.0.7" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "VU#605641", "refsource": "CERT-VN", "url": "https://kb.cert.org/vuls/id/605641/" }, { "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "refsource": "MISC", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "name": "20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/24" }, { "name": "USN-4099-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4099-1/" }, { "name": "20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Aug/16" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_33", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "name": "https://support.f5.com/csp/article/K02591030", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K02591030" }, { "name": "FEDORA-2019-befd924cfe", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/" }, { "name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/40" }, { "name": "DSA-4505", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4505" }, { "name": "https://security.netapp.com/advisory/ntap-20190823-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "name": "https://security.netapp.com/advisory/ntap-20190823-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "name": "FEDORA-2019-5a6a7bc12c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/" }, { "name": "FEDORA-2019-6a2980de56", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/" }, { "name": "FEDORA-2019-4427fd65be", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/" }, { "name": "FEDORA-2019-63ba15cc83", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/" }, { "name": "FEDORA-2019-7a0b45fdc4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/" }, { "name": "openSUSE-SU-2019:2120", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "openSUSE-SU-2019:2114", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "name": "openSUSE-SU-2019:2115", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296" }, { "name": "RHSA-2019:2745", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "name": "RHSA-2019:2746", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "name": "RHSA-2019:2775", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "name": "RHSA-2019:2799", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "name": "RHSA-2019:2925", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "name": "RHSA-2019:2939", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "name": "RHSA-2019:2946", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "name": "RHSA-2019:2950", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2950" }, { "name": "RHSA-2019:2955", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "name": "RHSA-2019:2966", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "name": "openSUSE-SU-2019:2264", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "name": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "RHSA-2019:3933", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3935", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "FEDORA-2021-d5b2c18fe6", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2019-9516", "datePublished": "2019-08-13T20:50:59", "dateReserved": "2019-03-01T00:00:00", "dateUpdated": "2024-08-04T21:54:44.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0133
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html | vendor-advisory, x_refsource_SUSE | |
http://www.securityfocus.com/bid/66537 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:38.993Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" }, { "name": "openSUSE-SU-2014:0450", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html" }, { "name": "66537", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66537" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-06-02T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" }, { "name": "openSUSE-SU-2014:0450", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html" }, { "name": "66537", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66537" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0133", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" }, { "name": "openSUSE-SU-2014:0450", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html" }, { "name": "66537", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66537" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0133", "datePublished": "2014-03-28T15:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:38.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7529
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html | mailing-list, x_refsource_MLIST | |
https://access.redhat.com/errata/RHSA-2017:2538 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/99534 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1039238 | vdb-entry, x_refsource_SECTRACK | |
https://puppet.com/security/cve/cve-2017-7529 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT212818 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2021/Sep/36 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:04:11.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "name": "RHSA-2017:2538", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2538" }, { "name": "99534", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99534" }, { "name": "1039238", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039238" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/cve-2017-7529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "nginx", "vendor": "nginx", "versions": [ { "status": "affected", "version": "0.5.6 - 1.13.2" } ] } ], "datePublic": "2017-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-21T23:07:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "name": "RHSA-2017:2538", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2538" }, { "name": "99534", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99534" }, { "name": "1039238", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039238" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/cve-2017-7529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2017-07-11T00:00:00", "ID": "CVE-2017-7529", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "nginx", "version": { "version_data": [ { "version_value": "0.5.6 - 1.13.2" } ] } } ] }, "vendor_name": "nginx" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190" } ] } ] }, "references": { "reference_data": [ { "name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "name": "RHSA-2017:2538", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2538" }, { "name": "99534", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99534" }, { "name": "1039238", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039238" }, { "name": "https://puppet.com/security/cve/cve-2017-7529", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2017-7529" }, { "name": "https://support.apple.com/kb/HT212818", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7529", "datePublished": "2017-07-13T13:00:00Z", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2024-09-16T18:39:56.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23017
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | Nginx Web Server, Nginx Plus |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:58:26.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.f5.com/csp/article/K12331123%2C" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html" }, { "name": "[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\" (#362)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E" }, { "name": "FEDORA-2021-b37cffac0d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/" }, { "name": "FEDORA-2021-393d698493", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210708-0006/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Nginx Web Server, Nginx Plus", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Nginx Web Server versions 0.6.18 thru 1.20.0 before 1.20.1, Nginx plus versions R13 thru R23 before R23 P1. Nginx plus version R24 before R24 P1" } ] } ], "descriptions": [ { "lang": "en", "value": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-193", "description": "CWE-193", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-11T15:06:16", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.f5.com/csp/article/K12331123%2C" }, { "tags": [ "x_refsource_MISC" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html" }, { "name": "[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\" (#362)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E" }, { "name": "FEDORA-2021-b37cffac0d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/" }, { "name": "FEDORA-2021-393d698493", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210708-0006/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "f5sirt@f5.com", "ID": "CVE-2021-23017", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Nginx Web Server, Nginx Plus", "version": { "version_data": [ { "version_value": "Nginx Web Server versions 0.6.18 thru 1.20.0 before 1.20.1, Nginx plus versions R13 thru R23 before R23 P1. Nginx plus version R24 before R24 P1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-193" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.f5.com/csp/article/K12331123,", "refsource": "MISC", "url": "https://support.f5.com/csp/article/K12331123," }, { "name": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html", "refsource": "MISC", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html" }, { "name": "[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3Cnotifications.apisix.apache.org%3E" }, { "name": "[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\" (#362)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3Cnotifications.apisix.apache.org%3E" }, { "name": "FEDORA-2021-b37cffac0d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/" }, { "name": "FEDORA-2021-393d698493", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210708-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210708-0006/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2021-23017", "datePublished": "2021-06-01T12:28:09", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:58:26.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0337
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/55181 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2013/02/24/1 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2013/02/22/1 | mailing-list, x_refsource_MLIST | |
http://security.gentoo.org/glsa/glsa-201310-04.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.openwall.com/lists/oss-security/2013/02/21/15 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:25:09.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55181" }, { "name": "[oss-security] 20130224 nginx CVE-2013-0337 world-readable logs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/24/1" }, { "name": "[oss-security] 20130221 Re: CVE request: nginx world-readable logdir", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/22/1" }, { "name": "GLSA-201310-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { "name": "[oss-security] 20130221 nginx world-readable logdir", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/21/15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-10-27T00:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "55181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55181" }, { "name": "[oss-security] 20130224 nginx CVE-2013-0337 world-readable logs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/24/1" }, { "name": "[oss-security] 20130221 Re: CVE request: nginx world-readable logdir", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/22/1" }, { "name": "GLSA-201310-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { "name": "[oss-security] 20130221 nginx world-readable logdir", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/21/15" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0337", "datePublished": "2013-10-27T00:00:00Z", "dateReserved": "2012-12-06T00:00:00Z", "dateUpdated": "2024-08-06T14:25:09.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-9511
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:54:44.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#605641", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://kb.cert.org/vuls/id/605641/" }, { "name": "USN-4099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4099-1/" }, { "name": "FEDORA-2019-befd924cfe", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/" }, { "name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/40" }, { "name": "FEDORA-2019-81985a8858", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/" }, { "name": "DSA-4505", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4505" }, { "name": "FEDORA-2019-8a437d5c2f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/" }, { "name": "FEDORA-2019-4427fd65be", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/" }, { "name": "FEDORA-2019-63ba15cc83", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/" }, { "name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Sep/1" }, { "name": "DSA-4511", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4511" }, { "name": "FEDORA-2019-7a0b45fdc4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/" }, { "name": "RHSA-2019:2692", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "openSUSE-SU-2019:2114", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "name": "openSUSE-SU-2019:2115", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "name": "RHSA-2019:2745", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "name": "RHSA-2019:2746", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "name": "RHSA-2019:2775", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "name": "RHSA-2019:2799", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "name": "RHSA-2019:2925", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "name": "RHSA-2019:2939", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "name": "RHSA-2019:2949", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "name": "openSUSE-SU-2019:2232", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html" }, { "name": "openSUSE-SU-2019:2234", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html" }, { "name": "RHSA-2019:2955", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "name": "RHSA-2019:2966", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "name": "openSUSE-SU-2019:2264", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "name": "RHSA-2019:3041", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "name": "RHSA-2019:3933", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3935", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "RHSA-2019:4018", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4018" }, { "name": "RHSA-2019:4019", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4019" }, { "name": "RHSA-2019:4021", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4021" }, { "name": "RHSA-2019:4020", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4020" }, { "name": "DSA-4669", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4669" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K02591030" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "credits": [ { "lang": "en", "value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "value": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-20T14:42:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#605641", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://kb.cert.org/vuls/id/605641/" }, { "name": "USN-4099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4099-1/" }, { "name": "FEDORA-2019-befd924cfe", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/" }, { "name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/40" }, { "name": "FEDORA-2019-81985a8858", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/" }, { "name": "DSA-4505", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4505" }, { "name": "FEDORA-2019-8a437d5c2f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/" }, { "name": "FEDORA-2019-4427fd65be", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/" }, { "name": "FEDORA-2019-63ba15cc83", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/" }, { "name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Sep/1" }, { "name": "DSA-4511", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4511" }, { "name": "FEDORA-2019-7a0b45fdc4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/" }, { "name": "RHSA-2019:2692", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "openSUSE-SU-2019:2114", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "name": "openSUSE-SU-2019:2115", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "name": "RHSA-2019:2745", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "name": "RHSA-2019:2746", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "name": "RHSA-2019:2775", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "name": "RHSA-2019:2799", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "name": "RHSA-2019:2925", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "name": "RHSA-2019:2939", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "name": "RHSA-2019:2949", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "name": "openSUSE-SU-2019:2232", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html" }, { "name": "openSUSE-SU-2019:2234", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html" }, { "name": "RHSA-2019:2955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "name": "RHSA-2019:2966", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "name": "openSUSE-SU-2019:2264", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "name": "RHSA-2019:3041", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "name": "RHSA-2019:3933", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3935", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "RHSA-2019:4018", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4018" }, { "name": "RHSA-2019:4019", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4019" }, { "name": "RHSA-2019:4021", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4021" }, { "name": "RHSA-2019:4020", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4020" }, { "name": "DSA-4669", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4669" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K02591030" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service", "x_generator": { "engine": "Vulnogram 0.0.7" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "HTTP/2 Data Dribble", "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9511", "STATE": "PUBLIC", "TITLE": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "credit": [ { "lang": "eng", "value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both." } ] }, "generator": { "engine": "Vulnogram 0.0.7" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "VU#605641", "refsource": "CERT-VN", "url": "https://kb.cert.org/vuls/id/605641/" }, { "name": "USN-4099-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4099-1/" }, { "name": "FEDORA-2019-befd924cfe", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/" }, { "name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/40" }, { "name": "FEDORA-2019-81985a8858", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/" }, { "name": "DSA-4505", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4505" }, { "name": "FEDORA-2019-8a437d5c2f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/" }, { "name": "FEDORA-2019-4427fd65be", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/" }, { "name": "FEDORA-2019-63ba15cc83", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/" }, { "name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/1" }, { "name": "DSA-4511", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4511" }, { "name": "FEDORA-2019-7a0b45fdc4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/" }, { "name": "RHSA-2019:2692", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "name": "openSUSE-SU-2019:2120", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "openSUSE-SU-2019:2114", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "name": "openSUSE-SU-2019:2115", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "name": "RHSA-2019:2745", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "name": "RHSA-2019:2746", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "name": "RHSA-2019:2775", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "name": "RHSA-2019:2799", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "name": "RHSA-2019:2925", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "name": "RHSA-2019:2939", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "name": "RHSA-2019:2949", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "name": "openSUSE-SU-2019:2232", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html" }, { "name": "openSUSE-SU-2019:2234", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html" }, { "name": "RHSA-2019:2955", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "name": "RHSA-2019:2966", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "name": "openSUSE-SU-2019:2264", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "name": "RHSA-2019:3041", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "name": "RHSA-2019:3933", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3935", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "RHSA-2019:4018", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4018" }, { "name": "RHSA-2019:4019", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4019" }, { "name": "RHSA-2019:4021", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4021" }, { "name": "RHSA-2019:4020", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4020" }, { "name": "DSA-4669", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4669" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "refsource": "MISC", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_33", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "name": "https://support.f5.com/csp/article/K02591030", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K02591030" }, { "name": "https://security.netapp.com/advisory/ntap-20190823-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "name": "https://security.netapp.com/advisory/ntap-20190823-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296" }, { "name": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2019-9511", "datePublished": "2019-08-13T20:50:59", "dateReserved": "2019-03-01T00:00:00", "dateUpdated": "2024-08-04T21:54:44.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44487
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "http", "vendor": "ietf", "versions": [ { "status": "affected", "version": "2.0" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-44487", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T20:34:21.334116Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2023-10-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-44487" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-23T20:35:03.253Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-19T07:48:04.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73" }, { "tags": [ "x_transferred" ], "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/" }, { "tags": [ "x_transferred" ], "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/" }, { "tags": [ "x_transferred" ], "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack" }, { "tags": [ "x_transferred" ], "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "tags": [ "x_transferred" ], "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37831062" }, { "tags": [ "x_transferred" ], "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/" }, { "tags": [ "x_transferred" ], "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack" }, { "tags": [ "x_transferred" ], "url": "https://github.com/envoyproxy/envoy/pull/30055" }, { "tags": [ "x_transferred" ], "url": "https://github.com/haproxy/haproxy/issues/2312" }, { "tags": [ "x_transferred" ], "url": "https://github.com/eclipse/jetty.project/issues/10679" }, { "tags": [ "x_transferred" ], "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764" }, { "tags": [ "x_transferred" ], "url": "https://github.com/nghttp2/nghttp2/pull/1961" }, { "tags": [ "x_transferred" ], "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61" }, { "tags": [ "x_transferred" ], "url": "https://github.com/alibaba/tengine/issues/1872" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37830987" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37830998" }, { "tags": [ "x_transferred" ], "url": "https://github.com/caddyserver/caddy/issues/5877" }, { "tags": [ "x_transferred" ], "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/bcdannyboy/CVE-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://github.com/grpc/grpc-go/pull/6703" }, { "tags": [ "x_transferred" ], "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244" }, { "tags": [ "x_transferred" ], "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0" }, { "tags": [ "x_transferred" ], "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html" }, { "tags": [ "x_transferred" ], "url": "https://my.f5.com/manage/s/article/K000137106" }, { "tags": [ "x_transferred" ], "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988" }, { "tags": [ "x_transferred" ], "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9" }, { "tags": [ "x_transferred" ], "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected" }, { "tags": [ "x_transferred" ], "url": "https://github.com/microsoft/CBL-Mariner/pull/6381" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo" }, { "tags": [ "x_transferred" ], "url": "https://github.com/facebook/proxygen/pull/466" }, { "tags": [ "x_transferred" ], "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088" }, { "tags": [ "x_transferred" ], "url": "https://github.com/micrictor/http2-rst-stream" }, { "tags": [ "x_transferred" ], "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve" }, { "tags": [ "x_transferred" ], "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf" }, { "tags": [ "x_transferred" ], "url": "https://github.com/h2o/h2o/pull/3291" }, { "tags": [ "x_transferred" ], "url": "https://github.com/nodejs/node/pull/50121" }, { "tags": [ "x_transferred" ], "url": "https://github.com/dotnet/announcements/issues/277" }, { "tags": [ "x_transferred" ], "url": "https://github.com/golang/go/issues/63417" }, { "tags": [ "x_transferred" ], "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/trafficserver/pull/10564" }, { "tags": [ "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14" }, { "tags": [ "x_transferred" ], "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6" }, { "tags": [ "x_transferred" ], "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://github.com/opensearch-project/data-prepper/issues/3474" }, { "tags": [ "x_transferred" ], "url": "https://github.com/kubernetes/kubernetes/pull/121120" }, { "tags": [ "x_transferred" ], "url": "https://github.com/oqtane/oqtane.framework/discussions/3367" }, { "tags": [ "x_transferred" ], "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p" }, { "tags": [ "x_transferred" ], "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html" }, { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/" }, { "tags": [ "x_transferred" ], "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37837043" }, { "tags": [ "x_transferred" ], "url": "https://github.com/kazu-yamamoto/http2/issues/93" }, { "tags": [ "x_transferred" ], "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113" }, { "name": "DSA-5522", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5522" }, { "name": "DSA-5521", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5521" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ninenines/cowboy/issues/1615" }, { "tags": [ "x_transferred" ], "url": "https://github.com/varnishcache/varnish-cache/issues/3996" }, { "tags": [ "x_transferred" ], "url": "https://github.com/tempesta-tech/tempesta/issues/1986" }, { "tags": [ "x_transferred" ], "url": "https://blog.vespa.ai/cve-2023-44487/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/etcd-io/etcd/issues/16740" }, { "tags": [ "x_transferred" ], "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event" }, { "tags": [ "x_transferred" ], "url": "https://istio.io/latest/news/security/istio-security-2023-004/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/junkurihara/rust-rpxy/issues/97" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "tags": [ "x_transferred" ], "url": "https://ubuntu.com/security/CVE-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125" }, { "tags": [ "x_transferred" ], "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/httpd-site/pull/10" }, { "tags": [ "x_transferred" ], "url": "https://github.com/projectcontour/contour/pull/5826" }, { "tags": [ "x_transferred" ], "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632" }, { "tags": [ "x_transferred" ], "url": "https://github.com/line/armeria/pull/5232" }, { "tags": [ "x_transferred" ], "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/" }, { "tags": [ "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://github.com/akka/akka-http/issues/4323" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openresty/openresty/issues/930" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/apisix/issues/10320" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Azure/AKS/issues/3947" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Kong/kong/discussions/11741" }, { "tags": [ "x_transferred" ], "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487" }, { "tags": [ "x_transferred" ], "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5" }, { "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html" }, { "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4" }, { "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9" }, { "tags": [ "x_transferred" ], "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/" }, { "tags": [ "x_transferred" ], "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html" }, { "name": "FEDORA-2023-ed2642fd58", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/" }, { "tags": [ "x_transferred" ], "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/" }, { "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231016-0001/" }, { "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html" }, { "name": "[oss-security] 20231018 Vulnerability in Jenkins", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4" }, { "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8" }, { "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6" }, { "name": "FEDORA-2023-54fadada12", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/" }, { "name": "FEDORA-2023-5ff7bf1dd8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/" }, { "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8" }, { "name": "FEDORA-2023-17efd3f2cd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/" }, { "name": "FEDORA-2023-d5030c983c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/" }, { "name": "FEDORA-2023-0259c3f26f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/" }, { "name": "FEDORA-2023-2a9214af5f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/" }, { "name": "FEDORA-2023-e9c04d81c1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/" }, { "name": "FEDORA-2023-f66fc0f62a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/" }, { "name": "FEDORA-2023-4d2fd884ea", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/" }, { "name": "FEDORA-2023-b2c50535cb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/" }, { "name": "FEDORA-2023-fe53e13b5b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" }, { "name": "FEDORA-2023-4bf641255e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" }, { "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html" }, { "name": "DSA-5540", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5540" }, { "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html" }, { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715" }, { "name": "FEDORA-2023-1caffb88af", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/" }, { "name": "FEDORA-2023-3f70b8d406", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/" }, { "name": "FEDORA-2023-7b52921cae", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/" }, { "name": "FEDORA-2023-7934802344", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/" }, { "name": "FEDORA-2023-dbe64661af", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/" }, { "name": "FEDORA-2023-822aab0a5a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" }, { "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html" }, { "name": "DSA-5549", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5549" }, { "name": "FEDORA-2023-c0c6a91330", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/" }, { "name": "FEDORA-2023-492b7be466", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/" }, { "name": "DSA-5558", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5558" }, { "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html" }, { "name": "GLSA-202311-09", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202311-09" }, { "name": "DSA-5570", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5570" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0007/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" }, { "url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T19:08:34.967324", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73" }, { "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/" }, { "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/" }, { "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack" }, { "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/" }, { "url": "https://news.ycombinator.com/item?id=37831062" }, { "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/" }, { "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack" }, { "url": "https://github.com/envoyproxy/envoy/pull/30055" }, { "url": "https://github.com/haproxy/haproxy/issues/2312" }, { "url": "https://github.com/eclipse/jetty.project/issues/10679" }, { "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764" }, { "url": "https://github.com/nghttp2/nghttp2/pull/1961" }, { "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61" }, { "url": "https://github.com/alibaba/tengine/issues/1872" }, { "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2" }, { "url": "https://news.ycombinator.com/item?id=37830987" }, { "url": "https://news.ycombinator.com/item?id=37830998" }, { "url": "https://github.com/caddyserver/caddy/issues/5877" }, { "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/" }, { "url": "https://github.com/bcdannyboy/CVE-2023-44487" }, { "url": "https://github.com/grpc/grpc-go/pull/6703" }, { "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244" }, { "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0" }, { "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html" }, { "url": "https://my.f5.com/manage/s/article/K000137106" }, { "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/" }, { "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988" }, { "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9" }, { "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected" }, { "url": "https://github.com/microsoft/CBL-Mariner/pull/6381" }, { "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo" }, { "url": "https://github.com/facebook/proxygen/pull/466" }, { "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088" }, { "url": "https://github.com/micrictor/http2-rst-stream" }, { "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve" }, { "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/" }, { "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf" }, { "url": "https://github.com/h2o/h2o/pull/3291" }, { "url": "https://github.com/nodejs/node/pull/50121" }, { "url": "https://github.com/dotnet/announcements/issues/277" }, { "url": "https://github.com/golang/go/issues/63417" }, { "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg" }, { "url": "https://github.com/apache/trafficserver/pull/10564" }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487" }, { "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14" }, { "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q" }, { "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6" }, { "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487" }, { "url": "https://github.com/opensearch-project/data-prepper/issues/3474" }, { "url": "https://github.com/kubernetes/kubernetes/pull/121120" }, { "url": "https://github.com/oqtane/oqtane.framework/discussions/3367" }, { "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p" }, { "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html" }, { "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/" }, { "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack" }, { "url": "https://news.ycombinator.com/item?id=37837043" }, { "url": "https://github.com/kazu-yamamoto/http2/issues/93" }, { "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html" }, { "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1" }, { "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113" }, { "name": "DSA-5522", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5522" }, { "name": "DSA-5521", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5521" }, { "url": "https://access.redhat.com/security/cve/cve-2023-44487" }, { "url": "https://github.com/ninenines/cowboy/issues/1615" }, { "url": "https://github.com/varnishcache/varnish-cache/issues/3996" }, { "url": "https://github.com/tempesta-tech/tempesta/issues/1986" }, { "url": "https://blog.vespa.ai/cve-2023-44487/" }, { "url": "https://github.com/etcd-io/etcd/issues/16740" }, { "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event" }, { "url": "https://istio.io/latest/news/security/istio-security-2023-004/" }, { "url": "https://github.com/junkurihara/rust-rpxy/issues/97" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "url": "https://ubuntu.com/security/CVE-2023-44487" }, { "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125" }, { "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3" }, { "url": "https://github.com/apache/httpd-site/pull/10" }, { "url": "https://github.com/projectcontour/contour/pull/5826" }, { "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632" }, { "url": "https://github.com/line/armeria/pull/5232" }, { "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/" }, { "url": "https://security.paloaltonetworks.com/CVE-2023-44487" }, { "url": "https://github.com/akka/akka-http/issues/4323" }, { "url": "https://github.com/openresty/openresty/issues/930" }, { "url": "https://github.com/apache/apisix/issues/10320" }, { "url": "https://github.com/Azure/AKS/issues/3947" }, { "url": "https://github.com/Kong/kong/discussions/11741" }, { "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487" }, { "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/" }, { "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5" }, { "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html" }, { "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4" }, { "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9" }, { "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/" }, { "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html" }, { "name": "FEDORA-2023-ed2642fd58", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/" }, { "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/" }, { "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html" }, { "url": "https://security.netapp.com/advisory/ntap-20231016-0001/" }, { "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html" }, { "name": "[oss-security] 20231018 Vulnerability in Jenkins", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4" }, { "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8" }, { "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6" }, { "name": "FEDORA-2023-54fadada12", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/" }, { "name": "FEDORA-2023-5ff7bf1dd8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/" }, { "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8" }, { "name": "FEDORA-2023-17efd3f2cd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/" }, { "name": "FEDORA-2023-d5030c983c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/" }, { "name": "FEDORA-2023-0259c3f26f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/" }, { "name": "FEDORA-2023-2a9214af5f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/" }, { "name": "FEDORA-2023-e9c04d81c1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/" }, { "name": "FEDORA-2023-f66fc0f62a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/" }, { "name": "FEDORA-2023-4d2fd884ea", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/" }, { "name": "FEDORA-2023-b2c50535cb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/" }, { "name": "FEDORA-2023-fe53e13b5b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" }, { "name": "FEDORA-2023-4bf641255e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" }, { "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html" }, { "name": "DSA-5540", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5540" }, { "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html" }, { "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715" }, { "name": "FEDORA-2023-1caffb88af", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/" }, { "name": "FEDORA-2023-3f70b8d406", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/" }, { "name": "FEDORA-2023-7b52921cae", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/" }, { "name": "FEDORA-2023-7934802344", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/" }, { "name": "FEDORA-2023-dbe64661af", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/" }, { "name": "FEDORA-2023-822aab0a5a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" }, { "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html" }, { "name": "DSA-5549", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5549" }, { "name": "FEDORA-2023-c0c6a91330", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/" }, { "name": "FEDORA-2023-492b7be466", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/" }, { "name": "DSA-5558", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5558" }, { "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html" }, { "name": "GLSA-202311-09", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202311-09" }, { "name": "DSA-5570", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5570" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0007/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-44487", "datePublished": "2023-10-10T00:00:00", "dateReserved": "2023-09-29T00:00:00", "dateUpdated": "2024-08-19T07:48:04.546Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41742
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
F5 | NGINX | |
F5 | NGINX Plus | |
F5 | NGINX Open Source Subscription |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:44.037Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.f5.com/csp/article/K28112382" }, { "name": "FEDORA-2022-b0f5bc2175", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/" }, { "name": "FEDORA-2022-97de53f202", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/" }, { "name": "FEDORA-2022-12721789aa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/" }, { "name": "DSA-5281", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5281" }, { "name": "[debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230120-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NGINX", "vendor": "F5", "versions": [ { "lessThan": "1.23.2", "status": "affected", "version": "Mainline", "versionType": "custom" }, { "lessThan": "1.22.1", "status": "affected", "version": "Stable", "versionType": "custom" } ] }, { "product": "NGINX Plus", "vendor": "F5", "versions": [ { "lessThan": "R27-p1", "status": "affected", "version": "R27", "versionType": "custom" }, { "lessThan": "R26-p1", "status": "affected", "version": "R1", "versionType": "custom" } ] }, { "product": "NGINX Open Source Subscription", "vendor": "F5", "versions": [ { "lessThan": "R2 P1", "status": "affected", "version": "R2", "versionType": "custom" }, { "lessThan": "R1 P1", "status": "affected", "version": "R1", "versionType": "custom" } ] } ], "datePublic": "2022-10-19T00:00:00", "descriptions": [ { "lang": "en", "value": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-20T00:00:00", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5" }, "references": [ { "url": "https://support.f5.com/csp/article/K28112382" }, { "name": "FEDORA-2022-b0f5bc2175", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/" }, { "name": "FEDORA-2022-97de53f202", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/" }, { "name": "FEDORA-2022-12721789aa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/" }, { "name": "DSA-5281", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5281" }, { "name": "[debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230120-0005/" } ], "source": { "defect": [ "NWA-1396" ], "discovery": "EXTERNAL" }, "title": "NGINX ngx_http_mp4_module vulnerability CVE-2022-41742", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2022-41742", "datePublished": "2022-10-19T21:20:50.106518Z", "dateReserved": "2022-09-28T00:00:00", "dateUpdated": "2024-09-16T19:30:06.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4547
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/55757 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/55825 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/55822 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html | vendor-advisory, x_refsource_SUSE | |
http://www.debian.org/security/2012/dsa-2802 | vendor-advisory, x_refsource_DEBIAN | |
http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:15.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55757", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55757" }, { "name": "SUSE-SU-2013:1895", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html" }, { "name": "openSUSE-SU-2013:1745", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html" }, { "name": "55825", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55825" }, { "name": "55822", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55822" }, { "name": "openSUSE-SU-2013:1792", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html" }, { "name": "openSUSE-SU-2013:1791", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html" }, { "name": "DSA-2802", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2802" }, { "name": "[nginx-announce] 20131119 nginx security advisory (CVE-2013-4547)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-17T15:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "55757", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55757" }, { "name": "SUSE-SU-2013:1895", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html" }, { "name": "openSUSE-SU-2013:1745", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html" }, { "name": "55825", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55825" }, { "name": "55822", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55822" }, { "name": "openSUSE-SU-2013:1792", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html" }, { "name": "openSUSE-SU-2013:1791", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html" }, { "name": "DSA-2802", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2802" }, { "name": "[nginx-announce] 20131119 nginx security advisory (CVE-2013-4547)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4547", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55757", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55757" }, { "name": "SUSE-SU-2013:1895", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html" }, { "name": "openSUSE-SU-2013:1745", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html" }, { "name": "55825", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55825" }, { "name": "55822", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55822" }, { "name": "openSUSE-SU-2013:1792", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html" }, { "name": "openSUSE-SU-2013:1791", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html" }, { "name": "DSA-2802", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2802" }, { "name": "[nginx-announce] 20131119 nginx security advisory (CVE-2013-4547)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4547", "datePublished": "2013-11-23T18:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:15.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2070
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2013/dsa-2721 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2013/05/13/3 | mailing-list, x_refsource_MLIST | |
http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/55181 | third-party-advisory, x_refsource_SECUNIA | |
https://bugzilla.redhat.com/show_bug.cgi?id=962525 | x_refsource_MISC | |
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/59824 | vdb-entry, x_refsource_BID | |
http://nginx.org/download/patch.2013.proxy.txt | x_refsource_MISC | |
http://seclists.org/oss-sec/2013/q2/291 | mailing-list, x_refsource_MLIST | |
http://security.gentoo.org/glsa/glsa-201310-04.xml | vendor-advisory, x_refsource_GENTOO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/84172 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:39.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2721", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2721" }, { "name": "[oss-security] 20130513 nginx security advisory (CVE-2013-2070)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/13/3" }, { "name": "[nginx-announce] 20130513 nginx security advisory (CVE-2013-2070)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html" }, { "name": "55181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55181" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962525" }, { "name": "FEDORA-2013-8182", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html" }, { "name": "59824", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/59824" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://nginx.org/download/patch.2013.proxy.txt" }, { "name": "[oss-security] 20130507 Re: nginx security advisory (CVE-2013-2028)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q2/291" }, { "name": "GLSA-201310-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { "name": "nginx-cve20132070-dos(84172)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84172" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-07T00:00:00", "descriptions": [ { "lang": "en", "value": "http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-2721", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2721" }, { "name": "[oss-security] 20130513 nginx security advisory (CVE-2013-2070)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/13/3" }, { "name": "[nginx-announce] 20130513 nginx security advisory (CVE-2013-2070)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html" }, { "name": "55181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55181" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962525" }, { "name": "FEDORA-2013-8182", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html" }, { "name": "59824", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/59824" }, { "tags": [ "x_refsource_MISC" ], "url": "http://nginx.org/download/patch.2013.proxy.txt" }, { "name": "[oss-security] 20130507 Re: nginx security advisory (CVE-2013-2028)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q2/291" }, { "name": "GLSA-201310-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { "name": "nginx-cve20132070-dos(84172)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84172" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2070", "datePublished": "2013-07-18T01:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:39.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-20005
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://nginx.org/en/CHANGES | x_refsource_MISC | |
https://trac.nginx.org/nginx/ticket/1368 | x_refsource_MISC | |
https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf | x_refsource_MISC | |
https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210805-0006/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:45:24.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://nginx.org/en/CHANGES" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.nginx.org/nginx/ticket/1368" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b" }, { "name": "[debian-lts-announce] 20210607 [SECURITY] [DLA 2680-1] nginx security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210805-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-05T11:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://nginx.org/en/CHANGES" }, { "tags": [ "x_refsource_MISC" ], "url": "https://trac.nginx.org/nginx/ticket/1368" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b" }, { "name": "[debian-lts-announce] 20210607 [SECURITY] [DLA 2680-1] nginx security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210805-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-20005", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://nginx.org/en/CHANGES", "refsource": "MISC", "url": "http://nginx.org/en/CHANGES" }, { "name": "https://trac.nginx.org/nginx/ticket/1368", "refsource": "MISC", "url": "https://trac.nginx.org/nginx/ticket/1368" }, { "name": "https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf", "refsource": "MISC", "url": "https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf" }, { "name": "https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b", "refsource": "MISC", "url": "https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b" }, { "name": "[debian-lts-announce] 20210607 [SECURITY] [DLA 2680-1] nginx security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210805-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210805-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-20005", "datePublished": "2021-06-06T21:04:06", "dateReserved": "2021-06-06T00:00:00", "dateUpdated": "2024-08-05T21:45:24.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2629
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.kb.cert.org/vuls/id/180065 | third-party-advisory, x_refsource_CERT-VN | |
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html | vendor-advisory, x_refsource_FEDORA | |
http://nginx.net/CHANGES-0.7 | x_refsource_CONFIRM | |
http://nginx.net/CHANGES | x_refsource_CONFIRM | |
http://sysoev.ru/nginx/patch.180065.txt | x_refsource_CONFIRM | |
http://www.debian.org/security/2009/dsa-1884 | vendor-advisory, x_refsource_DEBIAN | |
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html | vendor-advisory, x_refsource_FEDORA | |
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html | vendor-advisory, x_refsource_FEDORA | |
http://nginx.net/CHANGES-0.5 | x_refsource_CONFIRM | |
http://nginx.net/CHANGES-0.6 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:56.363Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#180065", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/180065" }, { "name": "FEDORA-2009-12750", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nginx.net/CHANGES-0.7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nginx.net/CHANGES" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sysoev.ru/nginx/patch.180065.txt" }, { "name": "DSA-1884", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1884" }, { "name": "FEDORA-2009-12775", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "name": "FEDORA-2009-12782", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nginx.net/CHANGES-0.5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nginx.net/CHANGES-0.6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-17T10:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#180065", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/180065" }, { "name": "FEDORA-2009-12750", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nginx.net/CHANGES-0.7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nginx.net/CHANGES" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sysoev.ru/nginx/patch.180065.txt" }, { "name": "DSA-1884", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1884" }, { "name": "FEDORA-2009-12775", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "name": "FEDORA-2009-12782", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nginx.net/CHANGES-0.5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nginx.net/CHANGES-0.6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2009-2629", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#180065", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/180065" }, { "name": "FEDORA-2009-12750", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "name": "http://nginx.net/CHANGES-0.7", "refsource": "CONFIRM", "url": "http://nginx.net/CHANGES-0.7" }, { "name": "http://nginx.net/CHANGES", "refsource": "CONFIRM", "url": "http://nginx.net/CHANGES" }, { "name": "http://sysoev.ru/nginx/patch.180065.txt", "refsource": "CONFIRM", "url": "http://sysoev.ru/nginx/patch.180065.txt" }, { "name": "DSA-1884", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1884" }, { "name": "FEDORA-2009-12775", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "name": "FEDORA-2009-12782", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "name": "http://nginx.net/CHANGES-0.5", "refsource": "CONFIRM", "url": "http://nginx.net/CHANGES-0.5" }, { "name": "http://nginx.net/CHANGES-0.6", "refsource": "CONFIRM", "url": "http://nginx.net/CHANGES-0.6" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2009-2629", "datePublished": "2009-09-15T22:00:00", "dateReserved": "2009-07-28T00:00:00", "dateUpdated": "2024-08-07T05:59:56.363Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16844
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4335 | vendor-advisory, x_refsource_DEBIAN | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16844 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:3680 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:3681 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/105868 | vdb-entry, x_refsource_BID | |
http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html | x_refsource_MISC | |
http://www.securitytracker.com/id/1042038 | vdb-entry, x_refsource_SECTRACK | |
https://usn.ubuntu.com/3812-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html | vendor-advisory, x_refsource_SUSE | |
https://support.apple.com/kb/HT212818 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2021/Sep/36 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:54.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4335" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16844" }, { "name": "RHSA-2018:3680", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "name": "RHSA-2018:3681", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "name": "105868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105868" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "name": "1042038", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042038" }, { "name": "USN-3812-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3812-1/" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "nginx", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": "1.15.6" }, { "status": "affected", "version": "1.14.1" } ] } ], "datePublic": "2018-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-21T23:06:54", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-4335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4335" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16844" }, { "name": "RHSA-2018:3680", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "name": "RHSA-2018:3681", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "name": "105868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105868" }, { "tags": [ "x_refsource_MISC" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "name": "1042038", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042038" }, { "name": "USN-3812-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3812-1/" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16844", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "nginx", "version": { "version_data": [ { "version_value": "1.15.6" }, { "version_value": "1.14.1" } ] } } ] }, "vendor_name": "[UNKNOWN]" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file." } ] }, "impact": { "cvss": [ [ { "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4335", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4335" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16844", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16844" }, { "name": "RHSA-2018:3680", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "name": "RHSA-2018:3681", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "name": "105868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105868" }, { "name": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", "refsource": "MISC", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "name": "1042038", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042038" }, { "name": "USN-3812-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3812-1/" }, { "name": "openSUSE-SU-2019:2120", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "https://support.apple.com/kb/HT212818", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16844", "datePublished": "2018-11-07T14:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:32:54.086Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4963
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://english.securitylab.ru/lab/PT-2012-06 | x_refsource_MISC | |
http://nginx.org/en/security_advisories.html | x_refsource_CONFIRM | |
http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:38.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://english.securitylab.ru/lab/PT-2012-06" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nginx.org/en/security_advisories.html" }, { "name": "[nginx-announce] 20120605 security advisory", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain \"$index_allocation\" sequences in a request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-07-26T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://english.securitylab.ru/lab/PT-2012-06" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nginx.org/en/security_advisories.html" }, { "name": "[nginx-announce] 20120605 security advisory", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4963", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain \"$index_allocation\" sequences in a request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://english.securitylab.ru/lab/PT-2012-06", "refsource": "MISC", "url": "http://english.securitylab.ru/lab/PT-2012-06" }, { "name": "http://nginx.org/en/security_advisories.html", "refsource": "CONFIRM", "url": "http://nginx.org/en/security_advisories.html" }, { "name": "[nginx-announce] 20120605 security advisory", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4963", "datePublished": "2012-07-26T19:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-16T19:56:18.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3896
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.766Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035" }, { "name": "FEDORA-2009-12750", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "name": "36839", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36839" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565" }, { "name": "FEDORA-2009-12775", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz" }, { "name": "FEDORA-2009-12782", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "name": "DSA-1920", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1920" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48577" }, { "name": "[oss-security] 20091120 CVE Assignment nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sysoev.ru/nginx/patch.null.pointer.txt" }, { "name": "[oss-security] 20091120 CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "[nginx] 20091030 Re: null pointer dereference vulnerability in 0.1.0-0.8.13.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=nginx\u0026m=125692080328141\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-17T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035" }, { "name": "FEDORA-2009-12750", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "name": "36839", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36839" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565" }, { "name": "FEDORA-2009-12775", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz" }, { "name": "FEDORA-2009-12782", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "name": "DSA-1920", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1920" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48577" }, { "name": "[oss-security] 20091120 CVE Assignment nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sysoev.ru/nginx/patch.null.pointer.txt" }, { "name": "[oss-security] 20091120 CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "[nginx] 20091030 Re: null pointer dereference vulnerability in 0.1.0-0.8.13.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=nginx\u0026m=125692080328141\u0026w=2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3896", "datePublished": "2009-11-24T17:00:00", "dateReserved": "2009-11-05T00:00:00", "dateUpdated": "2024-08-07T06:45:50.766Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2263
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.exploit-db.com/exploits/13818 | exploit, x_refsource_EXPLOIT-DB | |
http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html | x_refsource_MISC | |
http://www.exploit-db.com/exploits/13822 | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/40760 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:25:07.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "13818", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/13818" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html" }, { "name": "13822", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/13822" }, { "name": "40760", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40760" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-06-11T00:00:00", "descriptions": [ { "lang": "en", "value": "nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-16T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "13818", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/13818" }, { "tags": [ "x_refsource_MISC" ], "url": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html" }, { "name": "13822", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/13822" }, { "name": "40760", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40760" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2263", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "13818", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/13818" }, { "name": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html", "refsource": "MISC", "url": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html" }, { "name": "13822", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/13822" }, { "name": "40760", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40760" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2263", "datePublished": "2010-06-14T18:00:00", "dateReserved": "2010-06-11T00:00:00", "dateUpdated": "2024-08-07T02:25:07.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0088
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html | mailing-list, x_refsource_MLIST | |
http://www.securitytracker.com/id/1030150 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:38.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" }, { "name": "1030150", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030150" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-04-29T12:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" }, { "name": "1030150", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030150" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0088", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" }, { "name": "1030150", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030150" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0088", "datePublished": "2014-04-29T14:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:38.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0742
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html | vendor-advisory, x_refsource_SUSE | |
https://bto.bluecoat.com/security-advisory/sa115 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201606-06 | vendor-advisory, x_refsource_GENTOO | |
http://www.securitytracker.com/id/1034869 | vdb-entry, x_refsource_SECTRACK | |
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html | mailing-list, x_refsource_MLIST | |
https://access.redhat.com/errata/RHSA-2016:1425 | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2016/dsa-3473 | vendor-advisory, x_refsource_DEBIAN | |
https://bugzilla.redhat.com/show_bug.cgi?id=1302587 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2892-1 | vendor-advisory, x_refsource_UBUNTU | |
https://support.apple.com/kb/HT212818 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2021/Sep/36 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:04.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2016:0371", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "name": "GLSA-201606-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "1034869", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034869" }, { "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "name": "RHSA-2016:1425", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "name": "DSA-3473", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587" }, { "name": "USN-2892-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-21T23:07:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2016:0371", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "name": "GLSA-201606-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "1034869", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034869" }, { "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "name": "RHSA-2016:1425", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "name": "DSA-3473", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587" }, { "name": "USN-2892-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-0742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2016:0371", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "name": "https://bto.bluecoat.com/security-advisory/sa115", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "name": "GLSA-201606-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "1034869", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034869" }, { "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "name": "RHSA-2016:1425", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "name": "DSA-3473", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3473" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587" }, { "name": "USN-2892-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "name": "https://support.apple.com/kb/HT212818", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0742", "datePublished": "2016-02-15T19:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:04.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0747
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html | vendor-advisory, x_refsource_SUSE | |
https://bto.bluecoat.com/security-advisory/sa115 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201606-06 | vendor-advisory, x_refsource_GENTOO | |
http://www.securitytracker.com/id/1034869 | vdb-entry, x_refsource_SECTRACK | |
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html | mailing-list, x_refsource_MLIST | |
https://access.redhat.com/errata/RHSA-2016:1425 | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=1302589 | x_refsource_CONFIRM | |
http://www.debian.org/security/2016/dsa-3473 | vendor-advisory, x_refsource_DEBIAN | |
http://www.ubuntu.com/usn/USN-2892-1 | vendor-advisory, x_refsource_UBUNTU | |
https://support.apple.com/kb/HT212818 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2021/Sep/36 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:04.106Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2016:0371", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "name": "GLSA-201606-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "1034869", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034869" }, { "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "name": "RHSA-2016:1425", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589" }, { "name": "DSA-3473", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "name": "USN-2892-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-21T23:07:07", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2016:0371", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "name": "GLSA-201606-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "1034869", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034869" }, { "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "name": "RHSA-2016:1425", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589" }, { "name": "DSA-3473", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "name": "USN-2892-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-0747", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2016:0371", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "name": "https://bto.bluecoat.com/security-advisory/sa115", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "name": "GLSA-201606-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "1034869", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034869" }, { "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "name": "RHSA-2016:1425", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589" }, { "name": "DSA-3473", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3473" }, { "name": "USN-2892-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "name": "https://support.apple.com/kb/HT212818", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0747", "datePublished": "2016-02-15T19:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:04.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-9513
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:54:44.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#605641", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://kb.cert.org/vuls/id/605641/" }, { "name": "USN-4099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4099-1/" }, { "name": "FEDORA-2019-befd924cfe", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/" }, { "name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/40" }, { "name": "FEDORA-2019-81985a8858", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/" }, { "name": "DSA-4505", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4505" }, { "name": "FEDORA-2019-5a6a7bc12c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/" }, { "name": "FEDORA-2019-6a2980de56", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/" }, { "name": "FEDORA-2019-8a437d5c2f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/" }, { "name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Sep/1" }, { "name": "DSA-4511", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4511" }, { "name": "FEDORA-2019-7a0b45fdc4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/" }, { "name": "RHSA-2019:2692", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "openSUSE-SU-2019:2114", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "name": "openSUSE-SU-2019:2115", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "name": "RHSA-2019:2745", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "name": "RHSA-2019:2746", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "name": "RHSA-2019:2775", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "name": "RHSA-2019:2799", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "name": "RHSA-2019:2925", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "name": "RHSA-2019:2939", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "name": "RHSA-2019:2949", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "name": "openSUSE-SU-2019:2232", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html" }, { "name": "openSUSE-SU-2019:2234", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html" }, { "name": "RHSA-2019:2955", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "name": "RHSA-2019:2966", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "name": "openSUSE-SU-2019:2264", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "name": "RHSA-2019:3041", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "name": "RHSA-2019:3933", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3935", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "DSA-4669", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4669" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K02591030" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "credits": [ { "lang": "en", "value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "value": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-20T14:42:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#605641", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://kb.cert.org/vuls/id/605641/" }, { "name": "USN-4099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4099-1/" }, { "name": "FEDORA-2019-befd924cfe", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/" }, { "name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/40" }, { "name": "FEDORA-2019-81985a8858", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/" }, { "name": "DSA-4505", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4505" }, { "name": "FEDORA-2019-5a6a7bc12c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/" }, { "name": "FEDORA-2019-6a2980de56", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/" }, { "name": "FEDORA-2019-8a437d5c2f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/" }, { "name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Sep/1" }, { "name": "DSA-4511", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4511" }, { "name": "FEDORA-2019-7a0b45fdc4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/" }, { "name": "RHSA-2019:2692", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "openSUSE-SU-2019:2114", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "name": "openSUSE-SU-2019:2115", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "name": "RHSA-2019:2745", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "name": "RHSA-2019:2746", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "name": "RHSA-2019:2775", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "name": "RHSA-2019:2799", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "name": "RHSA-2019:2925", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "name": "RHSA-2019:2939", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "name": "RHSA-2019:2949", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "name": "openSUSE-SU-2019:2232", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html" }, { "name": "openSUSE-SU-2019:2234", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html" }, { "name": "RHSA-2019:2955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "name": "RHSA-2019:2966", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "name": "openSUSE-SU-2019:2264", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "name": "RHSA-2019:3041", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "name": "RHSA-2019:3933", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3935", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "DSA-4669", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4669" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K02591030" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service", "x_generator": { "engine": "Vulnogram 0.0.7" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "HTTP/2 Resource Loop", "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9513", "STATE": "PUBLIC", "TITLE": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "credit": [ { "lang": "eng", "value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU." } ] }, "generator": { "engine": "Vulnogram 0.0.7" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "VU#605641", "refsource": "CERT-VN", "url": "https://kb.cert.org/vuls/id/605641/" }, { "name": "USN-4099-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4099-1/" }, { "name": "FEDORA-2019-befd924cfe", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/" }, { "name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/40" }, { "name": "FEDORA-2019-81985a8858", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/" }, { "name": "DSA-4505", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4505" }, { "name": "FEDORA-2019-5a6a7bc12c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/" }, { "name": "FEDORA-2019-6a2980de56", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/" }, { "name": "FEDORA-2019-8a437d5c2f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/" }, { "name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/1" }, { "name": "DSA-4511", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4511" }, { "name": "FEDORA-2019-7a0b45fdc4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/" }, { "name": "RHSA-2019:2692", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "name": "openSUSE-SU-2019:2120", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "openSUSE-SU-2019:2114", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "name": "openSUSE-SU-2019:2115", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "name": "RHSA-2019:2745", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "name": "RHSA-2019:2746", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "name": "RHSA-2019:2775", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "name": "RHSA-2019:2799", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "name": "RHSA-2019:2925", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "name": "RHSA-2019:2939", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "name": "RHSA-2019:2949", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "name": "openSUSE-SU-2019:2232", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html" }, { "name": "openSUSE-SU-2019:2234", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html" }, { "name": "RHSA-2019:2955", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "name": "RHSA-2019:2966", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "name": "openSUSE-SU-2019:2264", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html" }, { "name": "RHSA-2019:3041", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "name": "RHSA-2019:3933", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3935", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "DSA-4669", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4669" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "refsource": "MISC", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_33", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "name": "https://support.f5.com/csp/article/K02591030", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K02591030" }, { "name": "https://security.netapp.com/advisory/ntap-20190823-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190823-0002/" }, { "name": "https://security.netapp.com/advisory/ntap-20190823-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296" }, { "name": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2019-9513", "datePublished": "2019-08-13T20:50:59", "dateReserved": "2019-03-01T00:00:00", "dateUpdated": "2024-08-04T21:54:44.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4315
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://openwall.com/lists/oss-security/2011/11/17/10 | mailing-list, x_refsource_MLIST | |
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html | vendor-advisory, x_refsource_SUSE | |
http://www.nginx.org/en/CHANGES-1.0 | x_refsource_CONFIRM | |
http://trac.nginx.org/nginx/changeset/4268/nginx | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2011/11/17/8 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/48577 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/47097 | third-party-advisory, x_refsource_SECUNIA | |
http://security.gentoo.org/glsa/glsa-201203-22.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/50710 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:51.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20111117 Re: CVE Request: nginx resolver heap overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/11/17/10" }, { "name": "FEDORA-2011-16075", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html" }, { "name": "SUSE-SU-2011:1300", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nginx.org/en/CHANGES-1.0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.nginx.org/nginx/changeset/4268/nginx" }, { "name": "[oss-security] 20111117 CVE Request: nginx resolver heap overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/11/17/8" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48577" }, { "name": "47097", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47097" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "50710", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/50710" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-09T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20111117 Re: CVE Request: nginx resolver heap overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/11/17/10" }, { "name": "FEDORA-2011-16075", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html" }, { "name": "SUSE-SU-2011:1300", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nginx.org/en/CHANGES-1.0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.nginx.org/nginx/changeset/4268/nginx" }, { "name": "[oss-security] 20111117 CVE Request: nginx resolver heap overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/11/17/8" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48577" }, { "name": "47097", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47097" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "50710", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/50710" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4315", "datePublished": "2011-12-08T20:00:00", "dateReserved": "2011-11-04T00:00:00", "dateUpdated": "2024-08-07T00:01:51.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16845
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:54.012Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4335" }, { "name": "RHSA-2018:3680", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "name": "RHSA-2018:3681", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "name": "105868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105868" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845" }, { "name": "1042039", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042039" }, { "name": "[debian-lts-announce] 20181108 [SECURITY] [DLA 1572-1] nginx security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html" }, { "name": "RHSA-2018:3653", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3653" }, { "name": "RHSA-2018:3652", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3652" }, { "name": "USN-3812-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3812-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "nginx", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": "1.15.6" }, { "status": "affected", "version": "1.14.1" } ] } ], "datePublic": "2018-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-21T23:07:09", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-4335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4335" }, { "name": "RHSA-2018:3680", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "name": "RHSA-2018:3681", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "name": "105868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105868" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845" }, { "name": "1042039", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042039" }, { "name": "[debian-lts-announce] 20181108 [SECURITY] [DLA 1572-1] nginx security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html" }, { "name": "RHSA-2018:3653", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3653" }, { "name": "RHSA-2018:3652", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3652" }, { "name": "USN-3812-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3812-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "nginx", "version": { "version_data": [ { "version_value": "1.15.6" }, { "version_value": "1.14.1" } ] } } ] }, "vendor_name": "[UNKNOWN]" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module." } ] }, "impact": { "cvss": [ [ { "vectorString": "8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4335", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4335" }, { "name": "RHSA-2018:3680", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "name": "RHSA-2018:3681", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "name": "105868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105868" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845" }, { "name": "1042039", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042039" }, { "name": "[debian-lts-announce] 20181108 [SECURITY] [DLA 1572-1] nginx security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html" }, { "name": "RHSA-2018:3653", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3653" }, { "name": "RHSA-2018:3652", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3652" }, { "name": "USN-3812-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3812-1/" }, { "name": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html", "refsource": "MISC", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "name": "openSUSE-SU-2019:2120", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "https://support.apple.com/kb/HT212818", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16845", "datePublished": "2018-11-07T14:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:32:54.012Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4487
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/37711 | vdb-entry, x_refsource_BID | |
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/508830/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:20.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37711", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37711" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" }, { "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37711", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37711" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" }, { "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4487", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37711", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37711" }, { "name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", "refsource": "MISC", "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" }, { "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4487", "datePublished": "2010-01-13T20:00:00", "dateReserved": "2009-12-30T00:00:00", "dateUpdated": "2024-08-07T07:01:20.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0746
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html | vendor-advisory, x_refsource_SUSE | |
https://bto.bluecoat.com/security-advisory/sa115 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201606-06 | vendor-advisory, x_refsource_GENTOO | |
http://www.securitytracker.com/id/1034869 | vdb-entry, x_refsource_SECTRACK | |
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html | mailing-list, x_refsource_MLIST | |
https://access.redhat.com/errata/RHSA-2016:1425 | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2016/dsa-3473 | vendor-advisory, x_refsource_DEBIAN | |
http://www.ubuntu.com/usn/USN-2892-1 | vendor-advisory, x_refsource_UBUNTU | |
https://bugzilla.redhat.com/show_bug.cgi?id=1302588 | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT212818 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2021/Sep/36 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:03.992Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2016:0371", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "name": "GLSA-201606-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "1034869", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034869" }, { "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "name": "RHSA-2016:1425", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "name": "DSA-3473", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "name": "USN-2892-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-21T23:06:59", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2016:0371", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "name": "GLSA-201606-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "1034869", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034869" }, { "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "name": "RHSA-2016:1425", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "name": "DSA-3473", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "name": "USN-2892-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-0746", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2016:0371", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "name": "https://bto.bluecoat.com/security-advisory/sa115", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "name": "GLSA-201606-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "1034869", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034869" }, { "name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "name": "RHSA-2016:1425", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "name": "DSA-3473", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3473" }, { "name": "USN-2892-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588" }, { "name": "https://support.apple.com/kb/HT212818", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0746", "datePublished": "2016-02-15T19:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:03.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4968
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2011-4968 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968 | x_refsource_MISC | |
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2011-4968 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2013/01/03/8 | x_refsource_MISC | |
http://www.securityfocus.com/bid/57139 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80952 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4968" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2011-4968" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/03/8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57139" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80952" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "nginx", "vendor": "nginx", "versions": [ { "status": "affected", "version": "through 1.6.2" } ] } ], "descriptions": [ { "lang": "en", "value": "nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)" } ], "problemTypes": [ { "descriptions": [ { "description": "http proxy module does not verify peer identity of https origin server", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-19T15:18:17", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4968" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2011-4968" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/03/8" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/57139" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80952" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4968", "datePublished": "2019-11-19T15:18:17", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:39.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1180
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:53:35.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2012:0469", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/14173096" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.nginx.org/nginx/changeset/4531/nginx" }, { "name": "80124", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/80124" }, { "name": "DSA-2434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2434" }, { "name": "FEDORA-2012-4006", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html" }, { "name": "[oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/15/5" }, { "name": "48465", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48465" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nginx.org/en/security_advisories.html" }, { "name": "[oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/15/9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nginx.org/download/patch.2012.memory.txt" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48577" }, { "name": "FEDORA-2012-3846", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.nginx.org/nginx/changeset/4530/nginx" }, { "name": "FEDORA-2012-3991", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html" }, { "name": "nginx-ngxcpystrn-info-disclosure(74191)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74191" }, { "name": "MDVSA-2012:043", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:043" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803856" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "20120315 nginx fix for malformed HTTP responses from upstream servers", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/bugtraq/2012/Mar/65" }, { "name": "1026827", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026827" }, { "name": "52578", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52578" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2012:0469", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/14173096" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.nginx.org/nginx/changeset/4531/nginx" }, { "name": "80124", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/80124" }, { "name": "DSA-2434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2434" }, { "name": "FEDORA-2012-4006", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html" }, { "name": "[oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/15/5" }, { "name": "48465", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48465" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nginx.org/en/security_advisories.html" }, { "name": "[oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/15/9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nginx.org/download/patch.2012.memory.txt" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48577" }, { "name": "FEDORA-2012-3846", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.nginx.org/nginx/changeset/4530/nginx" }, { "name": "FEDORA-2012-3991", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html" }, { "name": "nginx-ngxcpystrn-info-disclosure(74191)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74191" }, { "name": "MDVSA-2012:043", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:043" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803856" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "20120315 nginx fix for malformed HTTP responses from upstream servers", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/bugtraq/2012/Mar/65" }, { "name": "1026827", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026827" }, { "name": "52578", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52578" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1180", "datePublished": "2012-04-17T21:00:00", "dateReserved": "2012-02-14T00:00:00", "dateUpdated": "2024-08-06T18:53:35.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1247
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40768", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40768/" }, { "name": "20161121 Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/539796/100/0/threaded" }, { "name": "DSA-3701", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3701" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.youtube.com/watch?v=aTswN1k1fQs" }, { "name": "93903", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93903" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html" }, { "name": "USN-3114-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3114-1" }, { "name": "20170113 Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE]", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2017/Jan/33" }, { "name": "GLSA-201701-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-22" }, { "name": "1037104", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037104" }, { "name": "20161116 Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Nov/78" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html" }, { "name": "FEDORA-2021-10c1cd4cba", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/" }, { "name": "FEDORA-2021-1556d440ba", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/" }, { "name": "FEDORA-2021-3aa9ac7fd1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-30T02:06:20", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "40768", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40768/" }, { "name": "20161121 Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/539796/100/0/threaded" }, { "name": "DSA-3701", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3701" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.youtube.com/watch?v=aTswN1k1fQs" }, { "name": "93903", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93903" }, { "tags": [ "x_refsource_MISC" ], "url": "https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html" }, { "name": "USN-3114-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3114-1" }, { "name": "20170113 Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE]", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2017/Jan/33" }, { "name": "GLSA-201701-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-22" }, { "name": "1037104", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037104" }, { "name": "20161116 Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Nov/78" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html" }, { "name": "FEDORA-2021-10c1cd4cba", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/" }, { "name": "FEDORA-2021-1556d440ba", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/" }, { "name": "FEDORA-2021-3aa9ac7fd1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-1247", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "40768", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40768/" }, { "name": "20161121 Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539796/100/0/threaded" }, { "name": "DSA-3701", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3701" }, { "name": "https://www.youtube.com/watch?v=aTswN1k1fQs", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=aTswN1k1fQs" }, { "name": "93903", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93903" }, { "name": "https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html", "refsource": "MISC", "url": "https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html" }, { "name": "USN-3114-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3114-1" }, { "name": "20170113 Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE]", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2017/Jan/33" }, { "name": "GLSA-201701-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-22" }, { "name": "1037104", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037104" }, { "name": "20161116 Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Nov/78" }, { "name": "http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html" }, { "name": "FEDORA-2021-10c1cd4cba", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/" }, { "name": "FEDORA-2021-1556d440ba", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/" }, { "name": "FEDORA-2021-3aa9ac7fd1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1247", "datePublished": "2016-11-29T17:00:00", "dateReserved": "2015-12-27T00:00:00", "dateUpdated": "2024-08-05T22:48:13.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2266
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.exploit-db.com/exploits/13818/ | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:25:07.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "13818", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/13818/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-06-11T00:00:00", "descriptions": [ { "lang": "en", "value": "nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the \"%c0.%c0.\" sequence." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-06-17T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "13818", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/13818/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2266", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the \"%c0.%c0.\" sequence." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "13818", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/13818/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2266", "datePublished": "2010-06-14T18:00:00", "dateReserved": "2010-06-14T00:00:00", "dateUpdated": "2024-08-07T02:25:07.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4180
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:34:37.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2011:001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "1024822", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024822" }, { "name": "42473", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42473" }, { "name": "42571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42571" }, { "name": "43170", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43170" }, { "name": "SSA:2010-340-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "name": "ADV-2011-0268", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0268" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4723" }, { "name": "SUSE-SU-2011:0847", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "42493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42493" }, { "name": "43173", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43173" }, { "name": "FEDORA-2010-18765", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html" }, { "name": "ADV-2011-0032", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "openSUSE-SU-2011:0845", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "43171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43171" }, { "name": "42620", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42620" }, { "name": "SSRT100817", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "APPLE-SA-2011-06-23-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" }, { "name": "USN-1029-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1029-1" }, { "name": "ADV-2010-3120", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "name": "FEDORA-2010-18736", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html" }, { "name": "ADV-2010-3122", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "name": "43169", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43169" }, { "name": "43172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43172" }, { "name": "HPSBHF02706", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "45164", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45164" }, { "name": "69565", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/69565" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "42469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42469" }, { "name": "HPSBMU02759", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "SSRT100475", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "42877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42877" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "name": "RHSA-2010:0977", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html" }, { "name": "HPSBMA02658", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "SSRT100413", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "ADV-2010-3134", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3134" }, { "name": "ADV-2010-3188", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3188" }, { "name": "oval:org.mitre.oval:def:18910", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910" }, { "name": "HPSBUX02638", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "ADV-2011-0076", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openssl.org/news/secadv_20101202.txt" }, { "name": "RHSA-2010:0978", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html" }, { "name": "44269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44269" }, { "name": "RHSA-2011:0896", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" }, { "name": "DSA-2141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "HPSBOV02670", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "SSRT100613", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "SSRT100339", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "MDVSA-2010:248", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248" }, { "name": "RHSA-2010:0979", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST" }, { "name": "42811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42811" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SR:2011:001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "1024822", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024822" }, { "name": "42473", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42473" }, { "name": "42571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42571" }, { "name": "43170", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43170" }, { "name": "SSA:2010-340-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "name": "ADV-2011-0268", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0268" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4723" }, { "name": "SUSE-SU-2011:0847", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "42493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42493" }, { "name": "43173", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43173" }, { "name": "FEDORA-2010-18765", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html" }, { "name": "ADV-2011-0032", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "openSUSE-SU-2011:0845", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "43171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43171" }, { "name": "42620", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42620" }, { "name": "SSRT100817", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "APPLE-SA-2011-06-23-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" }, { "name": "USN-1029-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1029-1" }, { "name": "ADV-2010-3120", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "name": "FEDORA-2010-18736", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html" }, { "name": "ADV-2010-3122", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "name": "43169", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43169" }, { "name": "43172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43172" }, { "name": "HPSBHF02706", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "45164", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45164" }, { "name": "69565", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/69565" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "42469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42469" }, { "name": "HPSBMU02759", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "SSRT100475", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "42877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42877" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "name": "RHSA-2010:0977", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html" }, { "name": "HPSBMA02658", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "SSRT100413", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "ADV-2010-3134", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3134" }, { "name": "ADV-2010-3188", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3188" }, { "name": "oval:org.mitre.oval:def:18910", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910" }, { "name": "HPSBUX02638", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "ADV-2011-0076", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openssl.org/news/secadv_20101202.txt" }, { "name": "RHSA-2010:0978", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html" }, { "name": "44269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44269" }, { "name": "RHSA-2011:0896", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" }, { "name": "DSA-2141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "HPSBOV02670", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "SSRT100613", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "SSRT100339", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "MDVSA-2010:248", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248" }, { "name": "RHSA-2010:0979", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST" }, { "name": "42811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42811" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4180", "datePublished": "2010-12-06T21:00:00", "dateReserved": "2010-11-04T00:00:00", "dateUpdated": "2024-08-07T03:34:37.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2028
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html | mailing-list, x_refsource_MLIST | |
http://www.osvdb.org/93037 | vdb-entry, x_refsource_OSVDB | |
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html | vendor-advisory, x_refsource_FEDORA | |
http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/ | x_refsource_MISC | |
http://secunia.com/advisories/55181 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/59699 | vdb-entry, x_refsource_BID | |
http://security.gentoo.org/glsa/glsa-201310-04.xml | vendor-advisory, x_refsource_GENTOO | |
https://github.com/rapid7/metasploit-framework/pull/1834 | x_refsource_MISC | |
http://nginx.org/download/patch.2013.chunked.txt | x_refsource_MISC | |
http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:37.493Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[nginx-announce] 20130507 nginx security advisory (CVE-2013-2028)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" }, { "name": "93037", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/93037" }, { "name": "FEDORA-2013-7560", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/" }, { "name": "55181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55181" }, { "name": "59699", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/59699" }, { "name": "GLSA-201310-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/rapid7/metasploit-framework/pull/1834" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://nginx.org/download/patch.2013.chunked.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[nginx-announce] 20130507 nginx security advisory (CVE-2013-2028)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" }, { "name": "93037", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/93037" }, { "name": "FEDORA-2013-7560", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/" }, { "name": "55181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55181" }, { "name": "59699", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/59699" }, { "name": "GLSA-201310-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/rapid7/metasploit-framework/pull/1834" }, { "tags": [ "x_refsource_MISC" ], "url": "http://nginx.org/download/patch.2013.chunked.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2028", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[nginx-announce] 20130507 nginx security advisory (CVE-2013-2028)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" }, { "name": "93037", "refsource": "OSVDB", "url": "http://www.osvdb.org/93037" }, { "name": "FEDORA-2013-7560", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html" }, { "name": "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/", "refsource": "MISC", "url": "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/" }, { "name": "55181", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55181" }, { "name": "59699", "refsource": "BID", "url": "http://www.securityfocus.com/bid/59699" }, { "name": "GLSA-201310-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { "name": "https://github.com/rapid7/metasploit-framework/pull/1834", "refsource": "MISC", "url": "https://github.com/rapid7/metasploit-framework/pull/1834" }, { "name": "http://nginx.org/download/patch.2013.chunked.txt", "refsource": "MISC", "url": "http://nginx.org/download/patch.2013.chunked.txt" }, { "name": "http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2028", "datePublished": "2013-07-18T01:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3555
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.430Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2010-05-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "name": "1023427", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023427" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100081611" }, { "name": "62210", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/62210" }, { "name": "37640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37640" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt" }, { "name": "ADV-2010-0916", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100114327" }, { "name": "RHSA-2010:0167", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "name": "ADV-2010-2010", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2010" }, { "name": "FEDORA-2009-12750", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "name": "ADV-2010-0086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0086" }, { "name": "ADV-2010-1673", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1673" }, { "name": "[tls] 20091104 TLS renegotiation issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html" }, { "name": "37656", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37656" }, { "name": "RHSA-2010:0865", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" }, { "name": "39628", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39628" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "name": "42724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42724" }, { "name": "ADV-2009-3310", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3310" }, { "name": "ADV-2009-3205", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3205" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during" }, { "name": "39461", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39461" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100114315" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c" }, { "name": "GLSA-201406-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ingate.com/Relnote.php?ver=481" }, { "name": "1023204", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023204" }, { "name": "40866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40866" }, { "name": "HPSBMU02799", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "name": "TA10-222A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "name": "1023211", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023211" }, { "name": "SSRT090249", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "name": "39317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39317" }, { "name": "1023212", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023212" }, { "name": "SUSE-SA:2010:061", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" }, { "name": "39127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39127" }, { "name": "40545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40545" }, { "name": "ADV-2010-3069", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3069" }, { "name": "[4.5] 010: SECURITY FIX: November 26, 2009", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://openbsd.org/errata45.html#010_openssl" }, { "name": "1023210", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023210" }, { "name": "1023270", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023270" }, { "name": "40070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40070" }, { "name": "1023273", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023273" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "name": "USN-927-5", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-927-5" }, { "name": "PM12247", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247" }, { "name": "SUSE-SU-2011:0847", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "MDVSA-2010:089", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "name": "RHSA-2010:0770", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20091111.txt" }, { "name": "1023275", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023275" }, { "name": "DSA-3253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "name": "ADV-2009-3484", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3484" }, { "name": "1023207", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023207" }, { "name": "37859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37859" }, { "name": "SSRT101846", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "name": "1021752", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1" }, { "name": "FEDORA-2010-6131", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html" }, { "name": "ADV-2010-0848", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0848" }, { "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3" }, { "name": "39819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39819" }, { "name": "IC68055", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.links.org/?p=786" }, { "name": "60521", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/60521" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "name": "VU#120541", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/120541" }, { "name": "1023217", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023217" }, { "name": "RHSA-2010:0768", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" }, { "name": "ADV-2009-3353", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3353" }, { "name": "FEDORA-2010-5357", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "name": "39136", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39136" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html" }, { "name": "ADV-2011-0032", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "1023148", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023148" }, { "name": "openSUSE-SU-2011:0845", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "36935", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36935" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.tombom.co.uk/blog/?p=85" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "ADV-2010-1107", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "1023218", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023218" }, { "name": "ADV-2010-1350", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1350" }, { "name": "RHSA-2010:0338", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "name": "42379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42379" }, { "name": "FEDORA-2009-12775", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "name": "20091109 Transport Layer Security Renegotiation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml" }, { "name": "IC67848", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848" }, { "name": "1023213", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023213" }, { "name": "FEDORA-2010-16240", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" }, { "name": "ADV-2010-1793", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "name": "oval:org.mitre.oval:def:11617", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://extendedsubset.com/?p=8" }, { "name": "37292", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37292" }, { "name": "SSRT100817", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "tls-renegotiation-weak-security(54158)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158" }, { "name": "APPLE-SA-2010-05-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "name": "39278", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39278" }, { "name": "1023205", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023205" }, { "name": "RHSA-2010:0130", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html" }, { "name": "HPSBUX02482", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "name": "HPSBHF03293", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4004" }, { "name": "1023215", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023215" }, { "name": "USN-1010-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1010-1" }, { "name": "1023206", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023206" }, { "name": "SUSE-SR:2010:011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "GLSA-200912-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "name": "SSRT090180", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "name": "ADV-2009-3313", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3313" }, { "name": "274990", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1" }, { "name": "1023208", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023208" }, { "name": "43308", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43308" }, { "name": "1023214", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023214" }, { "name": "SUSE-SA:2009:057", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html" }, { "name": "38781", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38781" }, { "name": "HPSBOV02762", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "HPSBMA02534", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "name": "DSA-1934", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1934" }, { "name": "FEDORA-2009-12782", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "name": "oval:org.mitre.oval:def:7478", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478" }, { "name": "1023271", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023271" }, { "name": "APPLE-SA-2010-01-19-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" }, { "name": "[cryptography] 20091105 OpenSSL 0.9.8l released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2" }, { "name": "42467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42467" }, { "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:7315", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315" }, { "name": "1023224", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023224" }, { "name": "SUSE-SR:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "USN-927-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-927-4" }, { "name": "41490", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41490" }, { "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded" }, { "name": "1023243", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023243" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html" }, { "name": "37504", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37504" }, { "name": "1023219", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023219" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" }, { "name": "1023163", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023163" }, { "name": "HPSBHF02706", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "ADV-2009-3521", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3521" }, { "name": "oval:org.mitre.oval:def:7973", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973" }, { "name": "HPSBMA02568", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "name": "oval:org.mitre.oval:def:10088", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088" }, { "name": "44183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44183" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" }, { "name": "42808", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42808" }, { "name": "39500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39500" }, { "name": "oval:org.mitre.oval:def:11578", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "name": "ADV-2009-3220", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3220" }, { "name": "SSRT100179", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "SSRT100089", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "name": "RHSA-2010:0165", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html" }, { "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "name": "RHSA-2010:0987", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html" }, { "name": "1023411", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023411" }, { "name": "RHSA-2010:0339", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "name": "RHSA-2010:0986", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" }, { "name": "ADV-2009-3164", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3164" }, { "name": "37383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37383" }, { "name": "FEDORA-2009-12229", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html" }, { "name": "44954", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44954" }, { "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html" }, { "name": "HPSBUX02524", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100070150" }, { "name": "40747", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40747" }, { "name": "HPSBUX02498", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "name": "HPSBMU02759", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "39292", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39292" }, { "name": "42816", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42816" }, { "name": "IC68054", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054" }, { "name": "273029", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1" }, { "name": "FEDORA-2009-12604", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://extendedsubset.com/Renegotiating_TLS.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4170" }, { "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded" }, { "name": "1023209", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023209" }, { "name": "PM00675", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48577" }, { "name": "SSA:2009-320-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.links.org/?p=789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.opera.com/docs/changelogs/unix/1060/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html" }, { "name": "RHSA-2011:0880", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" }, { "name": "SUSE-SR:2010:008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" }, { "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3" }, { "name": "FEDORA-2009-12305", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155" }, { "name": "SUSE-SR:2010:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.citrix.com/article/CTX123359" }, { "name": "37501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37501" }, { "name": "MDVSA-2010:076", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" }, { "name": "HPSBUX02517", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "name": "ADV-2009-3587", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3587" }, { "name": "39632", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39632" }, { "name": "SSRT090264", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "name": "38687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38687" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689" }, { "name": "MS10-049", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" }, { "name": "ADV-2010-0982", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "name": "SSRT100825", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "37399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37399" }, { "name": "USN-927-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-927-1" }, { "name": "1023272", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023272" }, { "name": "FEDORA-2009-12606", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" }, { "name": "ADV-2010-3126", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "name": "37320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37320" }, { "name": "ADV-2009-3165", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3165" }, { "name": "ADV-2010-1639", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1639" }, { "name": "38020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38020" }, { "name": "USN-923-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "name": "39243", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39243" }, { "name": "oval:org.mitre.oval:def:8366", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366" }, { "name": "37453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37453" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" }, { "name": "ADV-2010-0933", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0933" }, { "name": "SSRT100219", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "41972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41972" }, { "name": "ADV-2010-3086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3086" }, { "name": "DSA-2141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "1024789", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024789" }, { "name": "RHSA-2010:0155", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html" }, { "name": "ADV-2011-0033", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0033" }, { "name": "RHSA-2010:0337", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "name": "1023216", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023216" }, { "name": "41480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41480" }, { "name": "ADV-2011-0086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0086" }, { "name": "41818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41818" }, { "name": "37604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37604" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.opera.com/support/search/view/944/" }, { "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2" }, { "name": "SUSE-SR:2010:024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "name": "TA10-287A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.links.org/?p=780" }, { "name": "RHSA-2010:0119", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "name": "38056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38056" }, { "name": "ADV-2010-0748", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0748" }, { "name": "37675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37675" }, { "name": "oval:org.mitre.oval:def:8535", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535" }, { "name": "HPSBMA02547", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "SSRT100058", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "name": "RHSA-2010:0786", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt" }, { "name": "38003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38003" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4171" }, { "name": "1023428", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023428" }, { "name": "SSRT100613", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "[oss-security] 20091120 CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "ADV-2009-3354", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3354" }, { "name": "1023274", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023274" }, { "name": "FEDORA-2009-12968", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html" }, { "name": "39242", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39242" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50" }, { "name": "38241", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38241" }, { "name": "42377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42377" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3" }, { "name": "SUSE-SR:2010:019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "name": "60972", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/60972" }, { "name": "1023426", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023426" }, { "name": "38484", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38484" }, { "name": "MDVSA-2010:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.betanews.com/article/1257452450" }, { "name": "1021653", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "[4.6] 004: SECURITY FIX: November 26, 2009", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://openbsd.org/errata46.html#004_openssl" }, { "name": "41967", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41967" }, { "name": "RHSA-2010:0807", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" }, { "name": "ADV-2010-1191", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "name": "20091111 Re: SSL/TLS MiTM PoC", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2009/Nov/139" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html" }, { "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5" }, { "name": "39713", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39713" }, { "name": "42733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42733" }, { "name": "37291", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37291" }, { "name": "FEDORA-2010-16312", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" }, { "name": "FEDORA-2010-5942", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html" }, { "name": "ADV-2010-2745", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2745" }, { "name": "273350", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1" }, { "name": "ADV-2010-0994", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0994" }, { "name": "ADV-2010-0173", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0173" }, { "name": "ADV-2010-1054", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "name": "65202", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/65202" }, { "name": "HPSBGN02562", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041" }, { "name": "FEDORA-2010-16294", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" }, { "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html" }, { "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://clicky.me/tlsvuln" }, { "name": "42811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42811" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:08:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "APPLE-SA-2010-05-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "name": "1023427", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023427" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100081611" }, { "name": "62210", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/62210" }, { "name": "37640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37640" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt" }, { "name": "ADV-2010-0916", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100114327" }, { "name": "RHSA-2010:0167", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "name": "ADV-2010-2010", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2010" }, { "name": "FEDORA-2009-12750", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "name": "ADV-2010-0086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0086" }, { "name": "ADV-2010-1673", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1673" }, { "name": "[tls] 20091104 TLS renegotiation issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html" }, { "name": "37656", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37656" }, { "name": "RHSA-2010:0865", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" }, { "name": "39628", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39628" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "name": "42724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42724" }, { "name": "ADV-2009-3310", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3310" }, { "name": "ADV-2009-3205", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3205" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during" }, { "name": "39461", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39461" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100114315" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c" }, { "name": "GLSA-201406-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ingate.com/Relnote.php?ver=481" }, { "name": "1023204", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023204" }, { "name": "40866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40866" }, { "name": "HPSBMU02799", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "name": "TA10-222A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "name": "1023211", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023211" }, { "name": "SSRT090249", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "name": "39317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39317" }, { "name": "1023212", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023212" }, { "name": "SUSE-SA:2010:061", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" }, { "name": "39127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39127" }, { "name": "40545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40545" }, { "name": "ADV-2010-3069", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3069" }, { "name": "[4.5] 010: SECURITY FIX: November 26, 2009", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://openbsd.org/errata45.html#010_openssl" }, { "name": "1023210", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023210" }, { "name": "1023270", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023270" }, { "name": "40070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40070" }, { "name": "1023273", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023273" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "name": "USN-927-5", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-927-5" }, { "name": "PM12247", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247" }, { "name": "SUSE-SU-2011:0847", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "MDVSA-2010:089", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "name": "RHSA-2010:0770", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20091111.txt" }, { "name": "1023275", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023275" }, { "name": "DSA-3253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "name": "ADV-2009-3484", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3484" }, { "name": "1023207", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023207" }, { "name": "37859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37859" }, { "name": "SSRT101846", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "name": "1021752", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1" }, { "name": "FEDORA-2010-6131", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html" }, { "name": "ADV-2010-0848", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0848" }, { "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3" }, { "name": "39819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39819" }, { "name": "IC68055", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.links.org/?p=786" }, { "name": "60521", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/60521" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "name": "VU#120541", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/120541" }, { "name": "1023217", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023217" }, { "name": "RHSA-2010:0768", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" }, { "name": "ADV-2009-3353", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3353" }, { "name": "FEDORA-2010-5357", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "name": "39136", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39136" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html" }, { "name": "ADV-2011-0032", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "1023148", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023148" }, { "name": "openSUSE-SU-2011:0845", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "36935", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36935" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.tombom.co.uk/blog/?p=85" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "ADV-2010-1107", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "1023218", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023218" }, { "name": "ADV-2010-1350", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1350" }, { "name": "RHSA-2010:0338", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "name": "42379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42379" }, { "name": "FEDORA-2009-12775", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "name": "20091109 Transport Layer Security Renegotiation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml" }, { "name": "IC67848", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848" }, { "name": "1023213", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023213" }, { "name": "FEDORA-2010-16240", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" }, { "name": "ADV-2010-1793", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "name": "oval:org.mitre.oval:def:11617", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617" }, { "tags": [ "x_refsource_MISC" ], "url": "http://extendedsubset.com/?p=8" }, { "name": "37292", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37292" }, { "name": "SSRT100817", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "tls-renegotiation-weak-security(54158)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158" }, { "name": "APPLE-SA-2010-05-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "name": "39278", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39278" }, { "name": "1023205", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023205" }, { "name": "RHSA-2010:0130", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html" }, { "name": "HPSBUX02482", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "name": "HPSBHF03293", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4004" }, { "name": "1023215", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023215" }, { "name": "USN-1010-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1010-1" }, { "name": "1023206", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023206" }, { "name": "SUSE-SR:2010:011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "GLSA-200912-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "name": "SSRT090180", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "name": "ADV-2009-3313", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3313" }, { "name": "274990", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1" }, { "name": "1023208", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023208" }, { "name": "43308", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43308" }, { "name": "1023214", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023214" }, { "name": "SUSE-SA:2009:057", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html" }, { "name": "38781", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38781" }, { "name": "HPSBOV02762", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "HPSBMA02534", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "name": "DSA-1934", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1934" }, { "name": "FEDORA-2009-12782", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "name": "oval:org.mitre.oval:def:7478", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478" }, { "name": "1023271", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023271" }, { "name": "APPLE-SA-2010-01-19-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" }, { "name": "[cryptography] 20091105 OpenSSL 0.9.8l released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2" }, { "name": "42467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42467" }, { "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:7315", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315" }, { "name": "1023224", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023224" }, { "name": "SUSE-SR:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "USN-927-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-927-4" }, { "name": "41490", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41490" }, { "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded" }, { "name": "1023243", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023243" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html" }, { "name": "37504", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37504" }, { "name": "1023219", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023219" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" }, { "name": "1023163", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023163" }, { "name": "HPSBHF02706", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "ADV-2009-3521", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3521" }, { "name": "oval:org.mitre.oval:def:7973", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973" }, { "name": "HPSBMA02568", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "name": "oval:org.mitre.oval:def:10088", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088" }, { "name": "44183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44183" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" }, { "name": "42808", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42808" }, { "name": "39500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39500" }, { "name": "oval:org.mitre.oval:def:11578", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "name": "ADV-2009-3220", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3220" }, { "name": "SSRT100179", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "SSRT100089", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "name": "RHSA-2010:0165", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html" }, { "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "name": "RHSA-2010:0987", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html" }, { "name": "1023411", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023411" }, { "name": "RHSA-2010:0339", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "name": "RHSA-2010:0986", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" }, { "name": "ADV-2009-3164", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3164" }, { "name": "37383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37383" }, { "name": "FEDORA-2009-12229", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html" }, { "name": "44954", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44954" }, { "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html" }, { "name": "HPSBUX02524", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100070150" }, { "name": "40747", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40747" }, { "name": "HPSBUX02498", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "name": "HPSBMU02759", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "39292", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39292" }, { "name": "42816", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42816" }, { "name": "IC68054", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054" }, { "name": "273029", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1" }, { "name": "FEDORA-2009-12604", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "tags": [ "x_refsource_MISC" ], "url": "http://extendedsubset.com/Renegotiating_TLS.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4170" }, { "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded" }, { "name": "1023209", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023209" }, { "name": "PM00675", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48577" }, { "name": "SSA:2009-320-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.links.org/?p=789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.opera.com/docs/changelogs/unix/1060/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html" }, { "name": "RHSA-2011:0880", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" }, { "name": "SUSE-SR:2010:008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" }, { "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3" }, { "name": "FEDORA-2009-12305", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155" }, { "name": "SUSE-SR:2010:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.citrix.com/article/CTX123359" }, { "name": "37501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37501" }, { "name": "MDVSA-2010:076", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" }, { "name": "HPSBUX02517", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "name": "ADV-2009-3587", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3587" }, { "name": "39632", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39632" }, { "name": "SSRT090264", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "name": "38687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38687" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689" }, { "name": "MS10-049", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" }, { "name": "ADV-2010-0982", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "name": "SSRT100825", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "37399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37399" }, { "name": "USN-927-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-927-1" }, { "name": "1023272", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023272" }, { "name": "FEDORA-2009-12606", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" }, { "name": "ADV-2010-3126", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "name": "37320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37320" }, { "name": "ADV-2009-3165", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3165" }, { "name": "ADV-2010-1639", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1639" }, { "name": "38020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38020" }, { "name": "USN-923-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "name": "39243", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39243" }, { "name": "oval:org.mitre.oval:def:8366", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366" }, { "name": "37453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37453" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" }, { "name": "ADV-2010-0933", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0933" }, { "name": "SSRT100219", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "41972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41972" }, { "name": "ADV-2010-3086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3086" }, { "name": "DSA-2141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "1024789", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024789" }, { "name": "RHSA-2010:0155", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html" }, { "name": "ADV-2011-0033", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0033" }, { "name": "RHSA-2010:0337", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "name": "1023216", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023216" }, { "name": "41480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41480" }, { "name": "ADV-2011-0086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0086" }, { "name": "41818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41818" }, { "name": "37604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37604" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.opera.com/support/search/view/944/" }, { "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2" }, { "name": "SUSE-SR:2010:024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "name": "TA10-287A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.links.org/?p=780" }, { "name": "RHSA-2010:0119", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "name": "38056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38056" }, { "name": "ADV-2010-0748", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0748" }, { "name": "37675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37675" }, { "name": "oval:org.mitre.oval:def:8535", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535" }, { "name": "HPSBMA02547", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "SSRT100058", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "name": "RHSA-2010:0786", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt" }, { "name": "38003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38003" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4171" }, { "name": "1023428", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023428" }, { "name": "SSRT100613", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "[oss-security] 20091120 CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "ADV-2009-3354", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3354" }, { "name": "1023274", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023274" }, { "name": "FEDORA-2009-12968", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html" }, { "name": "39242", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39242" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50" }, { "name": "38241", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38241" }, { "name": "42377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42377" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3" }, { "name": "SUSE-SR:2010:019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "name": "60972", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/60972" }, { "name": "1023426", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023426" }, { "name": "38484", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38484" }, { "name": "MDVSA-2010:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.betanews.com/article/1257452450" }, { "name": "1021653", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "[4.6] 004: SECURITY FIX: November 26, 2009", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://openbsd.org/errata46.html#004_openssl" }, { "name": "41967", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41967" }, { "name": "RHSA-2010:0807", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" }, { "name": "ADV-2010-1191", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "name": "20091111 Re: SSL/TLS MiTM PoC", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2009/Nov/139" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html" }, { "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5" }, { "name": "39713", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39713" }, { "name": "42733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42733" }, { "name": "37291", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37291" }, { "name": "FEDORA-2010-16312", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" }, { "name": "FEDORA-2010-5942", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html" }, { "name": "ADV-2010-2745", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2745" }, { "name": "273350", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1" }, { "name": "ADV-2010-0994", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0994" }, { "name": "ADV-2010-0173", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0173" }, { "name": "ADV-2010-1054", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "name": "65202", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/65202" }, { "name": "HPSBGN02562", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041" }, { "name": "FEDORA-2010-16294", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" }, { "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html" }, { "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://clicky.me/tlsvuln" }, { "name": "42811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42811" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3555", "datePublished": "2009-11-09T17:00:00", "dateReserved": "2009-10-05T00:00:00", "dateUpdated": "2024-08-07T06:31:10.430Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4450
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1036019 | vdb-entry, x_refsource_SECTRACK | |
https://security.gentoo.org/glsa/201606-06 | vendor-advisory, x_refsource_GENTOO | |
http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html | mailing-list, x_refsource_MLIST | |
http://www.ubuntu.com/usn/USN-2991-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.debian.org/security/2016/dsa-3592 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2016:1425 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/90967 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:25.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036019", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036019" }, { "name": "GLSA-201606-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "[nginx-announce] 20160531 nginx security advisory (CVE-2016-4450)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" }, { "name": "USN-2991-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2991-1" }, { "name": "DSA-3592", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3592" }, { "name": "RHSA-2016:1425", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "name": "90967", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/90967" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1036019", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036019" }, { "name": "GLSA-201606-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "[nginx-announce] 20160531 nginx security advisory (CVE-2016-4450)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" }, { "name": "USN-2991-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2991-1" }, { "name": "DSA-3592", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3592" }, { "name": "RHSA-2016:1425", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "name": "90967", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/90967" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-4450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036019", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036019" }, { "name": "GLSA-201606-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201606-06" }, { "name": "[nginx-announce] 20160531 nginx security advisory (CVE-2016-4450)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" }, { "name": "USN-2991-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2991-1" }, { "name": "DSA-3592", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3592" }, { "name": "RHSA-2016:1425", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "name": "90967", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90967" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-4450", "datePublished": "2016-06-07T14:00:00", "dateReserved": "2016-05-02T00:00:00", "dateUpdated": "2024-08-06T00:32:25.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3556
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=142103967620673&w=2 | vendor-advisory, x_refsource_HP | |
https://bugzilla.redhat.com/show_bug.cgi?id=1126891 | x_refsource_CONFIRM | |
http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html | mailing-list, x_refsource_MLIST | |
http://nginx.org/download/patch.2014.starttls.txt | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:17.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBOV03227", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891" }, { "name": "[nginx-announce] 20140805 nginx security advisory (CVE-2014-3556)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nginx.org/download/patch.2014.starttls.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-08-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-03-13T15:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBOV03227", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891" }, { "name": "[nginx-announce] 20140805 nginx security advisory (CVE-2014-3556)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nginx.org/download/patch.2014.starttls.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3556", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBOV03227", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891" }, { "name": "[nginx-announce] 20140805 nginx security advisory (CVE-2014-3556)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" }, { "name": "http://nginx.org/download/patch.2014.starttls.txt", "refsource": "CONFIRM", "url": "http://nginx.org/download/patch.2014.starttls.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3556", "datePublished": "2014-12-29T20:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2089
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/74831 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1026924 | vdb-entry, x_refsource_SECTRACK | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079474.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079467.html | vendor-advisory, x_refsource_FEDORA | |
http://nginx.org/en/security_advisories.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/52999 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2012/04/12/9 | mailing-list, x_refsource_MLIST | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:07.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "nginx-ngxhttpmp4module-bo(74831)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74831" }, { "name": "1026924", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026924" }, { "name": "FEDORA-2012-6371", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079474.html" }, { "name": "FEDORA-2012-6411", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079467.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nginx.org/en/security_advisories.html" }, { "name": "52999", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52999" }, { "name": "[oss-security] 20120412 nginx security advisory: mp4 module vulnerability, CVE-2012-2089", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/9" }, { "name": "FEDORA-2012-6238", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-19T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "nginx-ngxhttpmp4module-bo(74831)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74831" }, { "name": "1026924", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026924" }, { "name": "FEDORA-2012-6371", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079474.html" }, { "name": "FEDORA-2012-6411", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079467.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nginx.org/en/security_advisories.html" }, { "name": "52999", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52999" }, { "name": "[oss-security] 20120412 nginx security advisory: mp4 module vulnerability, CVE-2012-2089", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/9" }, { "name": "FEDORA-2012-6238", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2089", "datePublished": "2012-04-17T21:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:07.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3616
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2014/dsa-3029 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:17.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[nginx-announce] 20140916 nginx security advisory (CVE-2014-3616)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html" }, { "name": "DSA-3029", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3029" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-08T05:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[nginx-announce] 20140916 nginx security advisory (CVE-2014-3616)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html" }, { "name": "DSA-3029", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3029" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3616", "datePublished": "2014-12-08T11:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16843
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.debian.org/security/2018/dsa-4335 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2018:3680 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:3681 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/105868 | vdb-entry, x_refsource_BID | |
http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html | x_refsource_MISC | |
http://www.securitytracker.com/id/1042038 | vdb-entry, x_refsource_SECTRACK | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16843 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:3653 | vendor-advisory, x_refsource_REDHAT | |
https://usn.ubuntu.com/3812-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html | vendor-advisory, x_refsource_SUSE | |
https://support.apple.com/kb/HT212818 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2021/Sep/36 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:54.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4335" }, { "name": "RHSA-2018:3680", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "name": "RHSA-2018:3681", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "name": "105868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105868" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "name": "1042038", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042038" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16843" }, { "name": "RHSA-2018:3653", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3653" }, { "name": "USN-3812-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3812-1/" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "nginx", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": "1.15.6" }, { "status": "affected", "version": "1.14.1" } ] } ], "datePublic": "2018-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-21T23:07:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-4335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4335" }, { "name": "RHSA-2018:3680", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "name": "RHSA-2018:3681", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "name": "105868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105868" }, { "tags": [ "x_refsource_MISC" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "name": "1042038", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042038" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16843" }, { "name": "RHSA-2018:3653", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3653" }, { "name": "USN-3812-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3812-1/" }, { "name": "openSUSE-SU-2019:2120", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16843", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "nginx", "version": { "version_data": [ { "version_value": "1.15.6" }, { "version_value": "1.14.1" } ] } } ] }, "vendor_name": "[UNKNOWN]" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file." } ] }, "impact": { "cvss": [ [ { "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4335", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4335" }, { "name": "RHSA-2018:3680", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "name": "RHSA-2018:3681", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "name": "105868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105868" }, { "name": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", "refsource": "MISC", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "name": "1042038", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042038" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16843", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16843" }, { "name": "RHSA-2018:3653", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3653" }, { "name": "USN-3812-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3812-1/" }, { "name": "openSUSE-SU-2019:2120", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "name": "https://support.apple.com/kb/HT212818", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16843", "datePublished": "2018-11-07T14:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:32:54.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }