All the vulnerabilities related to nginx - nginx
var-201602-0393
Vulnerability from variot
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Supplementary information: the vulnerability type has been identified as CWE-476 (NULL Pointer Dereference). nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There are security vulnerabilities in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages.
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update
Advisory ID: RHSA-2016:1425-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425
Issue date: 2016-07-14
CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450
=====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
* A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. (CVE-2016-4450)
* It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)
* A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
* It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: nginx: Multiple vulnerabilities
Date: June 17, 2016
Bugs: #560854, #573046, #584744
ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
     Package              /   Vulnerable   /   Unaffected
-------------------------------------------------------------------
  1  www-servers/nginx        < 1.10.1         >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587
[ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742
[ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746
[ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747
[ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
[ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
============================================================================
Ubuntu Security Notice USN-2892-1
February 09, 2016
nginx vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10:
  nginx-core 1.9.3-1ubuntu1.1
  nginx-extras 1.9.3-1ubuntu1.1
  nginx-full 1.9.3-1ubuntu1.1
  nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS:
  nginx-core 1.4.6-1ubuntu3.4
  nginx-extras 1.4.6-1ubuntu3.4
  nginx-full 1.4.6-1ubuntu3.4
  nginx-light 1.4.6-1ubuntu3.4
  nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes.
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to version 1.21.0.
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
CVE-2017-7529
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
"trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001524", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201602-057", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "BID", "id": "82230", "trust": 0.4 }, { "db": "PACKETSTORM", "id": "137908", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "135684", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "137518", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "135738", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-88252", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-0742", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88252" }, { "db": "VULMON", "id": "CVE-2016-0742" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0742" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "id": "VAR-201602-0393", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-88252" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:49:52.047000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-3473", "trust": 0.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "title": "openSUSE-SU-2016:0371", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "title": "Bug 1302587", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587" }, { "title": 
"USN-2892-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2892-1/" }, { "title": "nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "title": "nginx resolver Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=60054" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2892-1" }, { "title": "Red Hat: CVE-2016-0742", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-0742" }, { "title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7" }, { "title": "Amazon Linux AMI: ALAS-2016-655", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-655" }, { "title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-0742" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88252" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "NVD", "id": "CVE-2016-0742" } ] }, "references": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201606-06" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2016:1425" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2892-1" }, { "trust": 1.8, "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1034869" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0742" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0742" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053" }, { "trust": 0.3, "url": 
"http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237" }, { "trust": 0.3, "url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/476.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2892-1/" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/82230" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0742" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0747" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0746" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4450" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-88252" }, { "db": "VULMON", "id": "CVE-2016-0742" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0742" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-88252" }, { "db": "VULMON", "id": "CVE-2016-0742" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0742" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-15T00:00:00", "db": "VULHUB", "id": "VHN-88252" }, { "date": "2016-02-15T00:00:00", "db": "VULMON", "id": "CVE-2016-0742" }, { "date": "2016-01-29T00:00:00", "db": "BID", "id": "82230" }, { "date": "2016-03-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "date": "2016-02-12T19:22:00", "db": "PACKETSTORM", "id": "135738" }, { "date": "2016-07-14T20:08:00", "db": "PACKETSTORM", "id": "137908" }, { "date": "2016-06-17T23:50:23", "db": "PACKETSTORM", "id": "137518" }, { "date": "2016-02-10T03:55:35", "db": "PACKETSTORM", "id": "135684" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2016-02-15T19:59:00.107000", "db": "NVD", "id": "CVE-2016-0742" }, 
{ "date": "2016-01-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-88252" }, { "date": "2021-09-22T00:00:00", "db": "VULMON", "id": "CVE-2016-0742" }, { "date": "2016-10-26T00:01:00", "db": "BID", "id": "82230" }, { "date": "2016-03-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001524" }, { "date": "2021-12-15T17:13:25.617000", "db": "NVD", "id": "CVE-2016-0742" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-057" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "CNNVD", "id": "CNNVD-201602-057" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001524" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201602-057" } ], "trust": 0.6 } }
var-201412-0611
Vulnerability from variot
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control (http://cwe.mitre.org/data/definitions/284.html). A third party with certain rights may be able to carry out a virtual host confusion attack. nginx is prone to a session-fixation vulnerability. An attacker can exploit this issue to hijack an arbitrary session or gain access to sensitive information. This may aid in further attacks. nginx 0.5.6 through 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy3.
For the testing distribution (jessie), this problem has been fixed in version 1.6.2-1.
For the unstable distribution (sid), this problem has been fixed in version 1.6.2-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Ubuntu Security Notice USN-2351-1 September 22, 2014
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
nginx could be made to expose sensitive information over the network.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS:
  nginx-core 1.4.6-1ubuntu3.1
  nginx-extras 1.4.6-1ubuntu3.1
  nginx-full 1.4.6-1ubuntu3.1
  nginx-light 1.4.6-1ubuntu3.1
  nginx-naxsi 1.4.6-1ubuntu3.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2351-1 CVE-2014-3616
Package Information: https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1
Gentoo Linux Security Advisory GLSA 201502-06
http://security.gentoo.org/
Severity: Normal
Title: nginx: Information disclosure
Date: February 07, 2015
Bugs: #522994
ID: 201502-06
Synopsis
An SSL session fixation vulnerability in nginx may allow remote attackers to obtain sensitive information.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.7.6"
References
[ 1 ] CVE-2014-3616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3616
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616
http://advisories.mageia.org/MGASA-2014-0136.html
http://advisories.mageia.org/MGASA-2014-0427.html
Updated Packages:
Mandriva Business Server 2/X86_64:
  f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm
  36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0611", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.7.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.5.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { 
"model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.6.2" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.7.5" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.5.6 to 1.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.7.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.7.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.7.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.7.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.13" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.1.17" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.10" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.9" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.8" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.40" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.36" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, 
"vendor": "igor", "version": "0.8.35" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.33" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.15" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.66" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.65" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.64" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.62" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.39" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.38" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.36" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.1.19" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.15" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": 
"eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" } ], "sources": [ { "db": "BID", "id": "70025" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.2", "versionStartIncluding": "0.5.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.5", "versionStartIncluding": "1.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3616" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Antoine Delignat-Lavaud and Karthikeyan Bhargavan", "sources": [ { "db": "BID", "id": "70025" }, { "db": 
"CNNVD", "id": "CNNVD-201410-1268" } ], "trust": 0.9 }, "cve": "CVE-2014-3616", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-3616", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", 
"exploitabilityScore": 8.6, "id": "VHN-71556", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3616", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201410-1268", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-71556", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3616", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-71556" }, { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy a third party with certain rights, Virtual Host Confusion An attack may be executed. nginx is prone to a session-fixation vulnerability. \nAn attacker can exploit this issue to hijack an arbitrary session or gain access to the sensitive information. This may aid in further attacks. \nnginx 0.5.6 through 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. 
\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy3. \n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.6.2-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.2-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n. ============================================================================\nUbuntu Security Notice USN-2351-1\nSeptember 22, 2014\n\nnginx vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to expose sensitive information over the network. 
\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.1\n nginx-extras 1.4.6-1ubuntu3.1\n nginx-full 1.4.6-1ubuntu3.1\n nginx-light 1.4.6-1ubuntu3.1\n nginx-naxsi 1.4.6-1ubuntu3.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2351-1\n CVE-2014-3616\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201502-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Information disclosure\n Date: February 07, 2015\n Bugs: #522994\n ID: 201502-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nAn SSL session fixation vulnerability in nginx may allow remote\nattackers to obtain sensitive information. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.7.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-3616\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3616\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201502-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. 
Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616\n http://advisories.mageia.org/MGASA-2014-0136.html\n http://advisories.mageia.org/MGASA-2014-0427.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm \n 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. 
\n\n All packages are signed by Mandriva for security", "sources": [ { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "BID", "id": "70025" }, { "db": "VULHUB", "id": "VHN-71556" }, { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "PACKETSTORM", "id": "128332" }, { "db": "PACKETSTORM", "id": "128328" }, { "db": "PACKETSTORM", "id": "130278" }, { "db": "PACKETSTORM", "id": "131099" } ], "trust": 2.43 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-71556", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71556" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3616", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2014-005829", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201410-1268", "trust": 0.7 }, { "db": "BID", "id": "70025", "trust": 0.5 }, { "db": "PACKETSTORM", "id": "128332", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "130278", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "128328", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-89321", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-71556", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-3616", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131099", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71556" }, { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "BID", "id": "70025" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "PACKETSTORM", "id": "128332" }, { "db": "PACKETSTORM", "id": "128328" }, { "db": "PACKETSTORM", "id": "130278" 
}, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "id": "VAR-201412-0611", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-71556" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:51:48.251000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-3029", "trust": 0.8, "url": "http://www.debian.org/security/2014/dsa-3029" }, { "title": "CVE-2014-3616", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html" }, { "title": "nginx-1.7.5", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=55253" }, { "title": "nginx-1.7.5", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=55252" }, { "title": "Ubuntu Security Notice: nginx vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2351-1" }, { "title": "Debian Security Advisories: DSA-3029-1 nginx -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3dd41a089230b0ac4671d1b4ec4d3881" }, { "title": "Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=703629f55868e4fc7623e469fe23486b" }, { "title": "Amazon Linux AMI: ALAS-2014-421", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-421" }, { "title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 
CVE-2016-0746 CVE-2016-0747", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-613", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 }, { "problemtype": "CWE-284", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71556" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "NVD", "id": "CVE-2014-3616" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.debian.org/security/2014/dsa-3029" }, { "trust": 1.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3616" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3616" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3616" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/613.html" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2351-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/70025" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2351-1" }, { "trust": 0.1, "url": 
"https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201502-06.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3616" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0136.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0133" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0427.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0133" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71556" }, { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "BID", "id": "70025" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "PACKETSTORM", "id": "128332" }, { "db": "PACKETSTORM", "id": "128328" }, { "db": "PACKETSTORM", "id": "130278" }, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-71556" }, { "db": "VULMON", "id": "CVE-2014-3616" }, { "db": "BID", "id": "70025" }, { "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "db": "PACKETSTORM", "id": "128332" }, { "db": "PACKETSTORM", "id": "128328" }, { "db": "PACKETSTORM", "id": "130278" }, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-3616" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ 
{ "date": "2014-12-08T00:00:00", "db": "VULHUB", "id": "VHN-71556" }, { "date": "2014-12-08T00:00:00", "db": "VULMON", "id": "CVE-2014-3616" }, { "date": "2014-08-06T00:00:00", "db": "BID", "id": "70025" }, { "date": "2014-12-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "date": "2014-09-22T20:19:12", "db": "PACKETSTORM", "id": "128332" }, { "date": "2014-09-22T20:18:28", "db": "PACKETSTORM", "id": "128328" }, { "date": "2015-02-09T17:00:47", "db": "PACKETSTORM", "id": "130278" }, { "date": "2015-03-30T21:26:01", "db": "PACKETSTORM", "id": "131099" }, { "date": "2014-12-08T11:59:03.390000", "db": "NVD", "id": "CVE-2014-3616" }, { "date": "2014-08-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-71556" }, { "date": "2020-11-16T00:00:00", "db": "VULMON", "id": "CVE-2014-3616" }, { "date": "2015-04-13T21:39:00", "db": "BID", "id": "70025" }, { "date": "2014-12-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005829" }, { "date": "2021-11-10T15:59:33.287000", "db": "NVD", "id": "CVE-2014-3616" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201410-1268" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "130278" }, { "db": "CNNVD", "id": "CNNVD-201410-1268" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx In Virtual Host Confusion Attacked vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-005829" } ], "trust": 0.8 }, "type": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201410-1268" } ], "trust": 0.6 } }
var-201707-1309
Vulnerability from variot
nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module, which results in a leak of potentially sensitive information when triggered by a specially crafted request. nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to obtain sensitive information or may crash the application, resulting in a denial-of-service condition. nginx 0.5.6 through 1.13.2 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of its filter modules.
For the oldstable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u5.
For the stable distribution (stretch), this problem has been fixed in version 1.10.3-1+deb9u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your nginx packages.
Ubuntu Security Notice USN-3352-1 July 13, 2017
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
nginx could be made to expose sensitive information over the network. A remote attacker could use this to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04:
  nginx-common 1.10.3-1ubuntu3.1
  nginx-core 1.10.3-1ubuntu3.1
  nginx-extras 1.10.3-1ubuntu3.1
  nginx-full 1.10.3-1ubuntu3.1
  nginx-light 1.10.3-1ubuntu3.1
Ubuntu 16.10:
  nginx-common 1.10.1-0ubuntu1.3
  nginx-core 1.10.1-0ubuntu1.3
  nginx-extras 1.10.1-0ubuntu1.3
  nginx-full 1.10.1-0ubuntu1.3
  nginx-light 1.10.1-0ubuntu1.3
Ubuntu 16.04 LTS:
  nginx-common 1.10.3-0ubuntu0.16.04.2
  nginx-core 1.10.3-0ubuntu0.16.04.2
  nginx-extras 1.10.3-0ubuntu0.16.04.2
  nginx-full 1.10.3-0ubuntu0.16.04.2
  nginx-light 1.10.3-0ubuntu0.16.04.2
Ubuntu 14.04 LTS:
  nginx-common 1.4.6-1ubuntu3.8
  nginx-core 1.4.6-1ubuntu3.8
  nginx-extras 1.4.6-1ubuntu3.8
  nginx-full 1.4.6-1ubuntu3.8
  nginx-light 1.4.6-1ubuntu3.8
In general, a standard system update will make all the necessary changes.
Red Hat Security Advisory
Synopsis: Low: rh-nginx110-nginx security update
Advisory ID: RHSA-2017:2538-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2538
Issue date: 2017-08-28
CVE Names: CVE-2017-7529
- Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)
Red Hat would like to thank the Nginx project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-7529
https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc.
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to version 1.21.0.
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
CVE-2017-7529
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1309", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.12.1" }, { "model": "enterprise", "scope": "lte", "trust": 1.0, "vendor": "puppet", "version": "2017.1.1" }, { "model": "enterprise", "scope": "lte", "trust": 1.0, "vendor": "puppet", "version": "2017.2.3" }, { "model": 
"enterprise", "scope": "gte", "trust": 1.0, "vendor": "puppet", "version": "2017.1.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.13.2" }, { "model": "enterprise", "scope": "gte", "trust": 1.0, "vendor": "puppet", "version": "2017.2.1" }, { "model": "enterprise", "scope": "lt", "trust": 1.0, "vendor": "puppet", "version": "2016.4.7" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.13.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.11.12" }, { "model": "nginx", "scope": null, "trust": 0.8, "vendor": "igor sysoev", "version": null }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.10" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.13.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.13" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.13.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.8" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.13.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.11" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.11.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": 
"1.10.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.9.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.9" }, { 
"model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.8.55" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.8.36" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.7.69" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.6.39" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.6.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", 
"scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", 
"trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 
0.3, "vendor": "nginx", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.0" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.13.3" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.12.1" } ], "sources": [ { "db": "BID", "id": "99534" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.12.1", "versionStartIncluding": "0.5.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.13.2", "versionStartIncluding": "1.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2017.1.1", "versionStartIncluding": "2017.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2017.2.3", "versionStartIncluding": "2017.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "cpe_name": 
[], "versionEndExcluding": "2016.4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-7529" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "99534" } ], "trust": 0.3 }, "cve": "CVE-2017-7529", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, 
"confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2017-7529", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-115732", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-7529", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-7529", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201707-563", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-115732", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-7529", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": 
"VULHUB", "id": "VHN-115732" }, { "db": "VULMON", "id": "CVE-2017-7529" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to obtain sensitive information or may crash the application resulting in a denial-of-service condition. \nnginx 0.5.6 through 1.13.2 are vulnerable. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of the range filter modules. \n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.6.2-5+deb8u5. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.10.3-1+deb9u1. \n\nFor the unstable distribution (sid), this problem will be fixed soon. \n\nWe recommend that you upgrade your nginx packages. \n==========================================================================\nUbuntu Security Notice USN-3352-1\nJuly 13, 2017\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to expose sensitive information over the network. 
A remote attacker could use this to expose\nsensitive information. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n nginx-common 1.10.3-1ubuntu3.1\n nginx-core 1.10.3-1ubuntu3.1\n nginx-extras 1.10.3-1ubuntu3.1\n nginx-full 1.10.3-1ubuntu3.1\n nginx-light 1.10.3-1ubuntu3.1\n\nUbuntu 16.10:\n nginx-common 1.10.1-0ubuntu1.3\n nginx-core 1.10.1-0ubuntu1.3\n nginx-extras 1.10.1-0ubuntu1.3\n nginx-full 1.10.1-0ubuntu1.3\n nginx-light 1.10.1-0ubuntu1.3\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.2\n nginx-core 1.10.3-0ubuntu0.16.04.2\n nginx-extras 1.10.3-0ubuntu0.16.04.2\n nginx-full 1.10.3-0ubuntu0.16.04.2\n nginx-light 1.10.3-0ubuntu0.16.04.2\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.8\n nginx-core 1.4.6-1ubuntu3.8\n nginx-extras 1.4.6-1ubuntu3.8\n nginx-full 1.4.6-1ubuntu3.8\n nginx-light 1.4.6-1ubuntu3.8\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2017:2538-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2538\nIssue date: 2017-08-28\nCVE Names: CVE-2017-7529 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and\nIMAP protocols, with a strong focus on high concurrency, performance and\nlow memory usage. A remote attacker could possibly\nexploit this flaw to disclose parts of the cache file header, or, if used\nin combination with third party modules, disclose potentially sensitive\nmemory by sending specially crafted HTTP requests. (CVE-2017-7529)\n\nRed Hat would like to thank the Nginx project for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.3):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-7529\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT\nRf+yBkpEe91OHNNto3rboqM=\n=rlDh\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. 
\n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "BID", "id": "99534" }, { "db": "VULHUB", "id": "VHN-115732" }, { "db": "VULMON", "id": "CVE-2017-7529" }, { "db": "PACKETSTORM", "id": "143348" }, { "db": "PACKETSTORM", "id": "143347" }, { "db": "PACKETSTORM", "id": "143935" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.43 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-115732", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-115732" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-7529", "trust": 3.3 }, { "db": "BID", "id": "99534", "trust": 2.0 }, { "db": "SECTRACK", "id": "1039238", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2017-006088", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201707-563", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3157", 
"trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1701", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "143935", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "143348", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "143347", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-96273", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-115732", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-7529", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-115732" }, { "db": "VULMON", "id": "CVE-2017-7529" }, { "db": "BID", "id": "99534" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "PACKETSTORM", "id": "143348" }, { "db": "PACKETSTORM", "id": "143347" }, { "db": "PACKETSTORM", "id": "143935" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "id": "VAR-201707-1309", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-115732" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:53:03.181000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2017-7529", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "title": "Nginx range filter Fixes for module digital error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=71698" }, { "title": "Ubuntu Security Notice: nginx vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3352-1" }, { "title": "Debian Security Advisories: DSA-3908-1 nginx -- security update", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=704f48ff7bd09792912d23527ab54543" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2017-7529 Integer overflow in the range filter", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a0f173670cb05b0faed5127f8a0445b1" }, { "title": "Amazon Linux AMI: ALAS-2017-894", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-894" }, { "title": "Red Hat: CVE-2017-7529", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-7529" }, { "title": "Arch Linux Advisories: [ASA-201707-12] nginx-mainline: information disclosure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201707-12" }, { "title": "Arch Linux Advisories: [ASA-201707-11] nginx: information disclosure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201707-11" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-7529" }, { "title": "nginxpwner", "trust": 0.1, "url": "https://github.com/stark0de/nginxpwner " }, { "title": "cve-2017-7529", "trust": 0.1, "url": "https://github.com/cved-sources/cve-2017-7529 " }, { "title": "nginx-CVE-2017-7529", "trust": 0.1, "url": "https://github.com/cyberharsh/nginx-cve-2017-7529 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-7529" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-115732" }, { "db": "JVNDB", "id": 
"JVNDB-2017-006088" }, { "db": "NVD", "id": "CVE-2017-7529" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:2538" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/99534" }, { "trust": 1.7, "url": "https://puppet.com/security/cve/cve-2017-7529" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1039238" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7529" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1701/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://nginx.org/#2017-07-11" }, { "trust": 0.3, "url": "http://nginx.org/en/security_advisories.html" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3352-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-1ubuntu3.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.8" }, { "trust": 0.1, "url": 
"https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.3" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7529" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" } ], "sources": [ { "db": "VULHUB", "id": "VHN-115732" }, { "db": "BID", "id": "99534" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "PACKETSTORM", "id": "143348" }, { "db": "PACKETSTORM", "id": "143347" }, { "db": "PACKETSTORM", "id": "143935" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-115732" }, { "db": "VULMON", "id": "CVE-2017-7529" }, { "db": "BID", "id": "99534" }, { "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "db": "PACKETSTORM", "id": "143348" }, { "db": "PACKETSTORM", "id": "143347" }, { "db": "PACKETSTORM", "id": "143935" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2017-7529" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-13T00:00:00", "db": "VULHUB", "id": "VHN-115732" }, { "date": "2017-07-13T00:00:00", "db": "VULMON", "id": "CVE-2017-7529" }, { "date": "2017-07-11T00:00:00", "db": "BID", "id": "99534" }, { "date": "2017-08-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "date": "2017-07-14T02:16:01", "db": "PACKETSTORM", "id": "143348" }, { "date": "2017-07-14T02:15:51", "db": "PACKETSTORM", "id": "143347" }, { "date": "2017-08-28T21:24:00", "db": "PACKETSTORM", "id": "143935" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2017-07-13T13:29:00.220000", "db": "NVD", "id": "CVE-2017-7529" }, { "date": "2017-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { 
"@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-115732" }, { "date": "2022-01-24T00:00:00", "db": "VULMON", "id": "CVE-2017-7529" }, { "date": "2017-07-11T00:00:00", "db": "BID", "id": "99534" }, { "date": "2017-08-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-006088" }, { "date": "2022-01-24T16:46:04.030000", "db": "NVD", "id": "CVE-2017-7529" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-563" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "143347" }, { "db": "PACKETSTORM", "id": "143935" }, { "db": "CNNVD", "id": "CNNVD-201707-563" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nginx of range filter Module integer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-006088" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-563" } ], "trust": 0.6 } }
var-201005-0437
Vulnerability from variot
Nginx is a widely used, high-performance web server. It is often used as a reverse proxy and also has very good support for PHP. 80sec found a serious security problem: by default, the server may mistakenly parse a file of any type as PHP, so an attacker can execute arbitrary PHP code with the privileges of the web server. By default, Nginx runs PHP in CGI mode, for example: location ~ \.php$ { root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; include fastcgi_params; } This is how PHP parsing is supported. The location block selects requests by matching on the URI environment variable. The key variable SCRIPT_FILENAME passed to the FastCGI backend is determined by the $fastcgi_script_name value generated by nginx, and analysis shows that $fastcgi_script_name is directly controlled by the URI environment variable; this is where the problem occurs. To better support the extraction of PATH_INFO, the PHP configuration provides the cgi.fix_pathinfo option, whose purpose is to extract the real script name from SCRIPT_FILENAME. So, given a file at http://www.80sec.com/80sec.jpg, it can be requested as http://www.80sec.com/80sec.jpg/80sec.php. nginx is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. The issue affects nginx 0.6.36 and prior.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201005-0437", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": null, "trust": 0.6, "vendor": "nginx", "version": null }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.36" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": 
"0.6.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0917" }, { "db": "BID", "id": "40420" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cp77fk4r", "sources": [ { "db": "BID", "id": "40420" } ], "trust": 0.3 }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nginx is a high-performance web server that is widely used. It is not only often used as a reverse proxy, but also very well supported for PHP. 80sec found that there is a more serious security problem. By default, any type of file may be parsed in PHP by server error. The attacker can execute arbitrary PHP code with WEB permission. Nginx supports php running by default in cgi mode, such as location ~ \\\\.php$ {root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;include fastcgi_params; The } method supports the parsing of php. When the location selects the request, it uses the URI environment variable to select. The key variable SCRIPT_FILENAME passed to the backend Fastcgi is determined by the $fastcgi_script_name generated by nginx, and the analysis can be seen by $fastcgi_script_name It is directly controlled by the URI environment variable, here is the point where the problem occurs. In order to better support the extraction of PATH_INFO, the cgi.fix_pathinfo option exists in the PHP configuration options, the purpose is to extract the real script name from SCRIPT_FILENAME. So suppose there is a http://www.80sec.com/80sec.jpg, you can visit http://www.80sec.com/80sec.jpg/80sec.php in the following way. 
nginx is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. \nExploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. \nThe issue affects nginx 0.6.36 and prior", "sources": [ { "db": "CNVD", "id": "CNVD-2010-0917" }, { "db": "BID", "id": "40420" } ], "trust": 0.81 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "40420", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2010-0917", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0917" }, { "db": "BID", "id": "40420" } ] }, "id": "VAR-201005-0437", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2010-0917" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0917" } ] }, "last_update_date": "2022-05-17T01:41:43.694000Z", "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.6, "url": "http://www.80sec.com/nginx-securit.html" }, { "trust": 0.3, "url": "http://nginx.org/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0917" }, { "db": "BID", "id": "40420" } ] }, "sources": { "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2010-0917" }, { "db": "BID", "id": "40420" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-05-20T00:00:00", "db": "CNVD", "id": "CNVD-2010-0917" }, { "date": "2010-05-20T00:00:00", "db": "BID", "id": "40420" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-05-20T00:00:00", "db": "CNVD", "id": "CNVD-2010-0917" }, { "date": "2010-05-28T16:30:00", "db": "BID", "id": "40420" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "40420" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nginx file type error parsing vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2010-0917" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "40420" } ], "trust": 0.3 } }
var-201811-0986
Vulnerability from variot
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx contains a resource exhaustion vulnerability that may result in a denial-of-service (DoS) condition. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages.
==========================================================================
Ubuntu Security Notice USN-3812-1
November 07, 2018
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx.
Software Description:
- nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)
Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844)
It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10:
  nginx-common 1.15.5-0ubuntu2.1
  nginx-core 1.15.5-0ubuntu2.1
  nginx-extras 1.15.5-0ubuntu2.1
  nginx-full 1.15.5-0ubuntu2.1
  nginx-light 1.15.5-0ubuntu2.1
Ubuntu 18.04 LTS:
  nginx-common 1.14.0-0ubuntu1.2
  nginx-core 1.14.0-0ubuntu1.2
  nginx-extras 1.14.0-0ubuntu1.2
  nginx-full 1.14.0-0ubuntu1.2
  nginx-light 1.14.0-0ubuntu1.2
Ubuntu 16.04 LTS:
  nginx-common 1.10.3-0ubuntu0.16.04.3
  nginx-core 1.10.3-0ubuntu0.16.04.3
  nginx-extras 1.10.3-0ubuntu0.16.04.3
  nginx-full 1.10.3-0ubuntu0.16.04.3
  nginx-light 1.10.3-0ubuntu0.16.04.3
Ubuntu 14.04 LTS:
  nginx-common 1.4.6-1ubuntu3.9
  nginx-core 1.4.6-1ubuntu3.9
  nginx-extras 1.4.6-1ubuntu3.9
  nginx-full 1.4.6-1ubuntu3.9
  nginx-light 1.4.6-1ubuntu3.9
In general, a standard system update will make all the necessary changes.
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx114-nginx security update
Advisory ID: RHSA-2018:3681-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3681
Issue date: 2018-11-27
CVE Names: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845
====================================================================
- Summary:
An update for rh-nginx114-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1).
Red Hat would like to thank the Nginx project for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx114-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
aarch64: rh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16843
https://access.redhat.com/security/cve/CVE-2018-16844
https://access.redhat.com/security/cve/CVE-2018-16845
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to version 1.21.0.
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
CVE-2017-7529
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0986", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.15.6" }, { "model": "nginx", 
"scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.14.1" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.15.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.5" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.0.7" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.14.1" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.15.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.0.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.0.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.0.4" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "software collections for rhel", "scope": "eq", "trust": 
0.3, "vendor": "redhat", "version": "0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.15.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.13.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": 
"nginx", "version": "1.5.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", 
"version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": 
"1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.15.6" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": 
"1.14.1" } ], "sources": [ { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.14.1", "versionStartIncluding": "1.9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.15.6", "versionStartIncluding": "1.15.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-16844" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gal Goldshtein from F5 Networks, and Maxim 
Konovalov (Nginx)", "sources": [ { "db": "BID", "id": "105868" } ], "trust": 0.3 }, "cve": "CVE-2018-16844", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16844", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, 
"confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-127244", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "secalert@redhat.com", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16844", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-16844", "trust": 1.8, "value": "HIGH" }, { "author": "secalert@redhat.com", "id": "CVE-2018-16844", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201811-120", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-127244", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-16844", "trust": 0.1, "value": "HIGH" } ] } 
], "sources": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. ==========================================================================\nUbuntu Security Notice USN-3812-1\nNovember 07, 2018\n\nnginx vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. 
\n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled the HTTP/2 implementation. \nA remote attacker could possibly use this issue to cause excessive memory\nconsumption, leading to a denial of service. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nexcessive CPU usage, leading to a denial of service. This issue only\naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. \n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module\nmodule. A remote attacker could possibly use this issue with a specially\ncrafted mp4 file to cause nginx to crash, stop responding, or access\narbitrary memory. (CVE-2018-16845)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n nginx-common 1.15.5-0ubuntu2.1\n nginx-core 1.15.5-0ubuntu2.1\n nginx-extras 1.15.5-0ubuntu2.1\n nginx-full 1.15.5-0ubuntu2.1\n nginx-light 1.15.5-0ubuntu2.1\n\nUbuntu 18.04 LTS:\n nginx-common 1.14.0-0ubuntu1.2\n nginx-core 1.14.0-0ubuntu1.2\n nginx-extras 1.14.0-0ubuntu1.2\n nginx-full 1.14.0-0ubuntu1.2\n nginx-light 1.14.0-0ubuntu1.2\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.3\n nginx-core 1.10.3-0ubuntu0.16.04.3\n nginx-extras 1.10.3-0ubuntu0.16.04.3\n nginx-full 1.10.3-0ubuntu0.16.04.3\n nginx-light 1.10.3-0ubuntu0.16.04.3\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.9\n nginx-core 1.4.6-1ubuntu3.9\n nginx-extras 1.4.6-1ubuntu3.9\n nginx-full 1.4.6-1ubuntu3.9\n nginx-light 1.4.6-1ubuntu3.9\n\nIn general, a standard system update will make all the necessary changes. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx114-nginx security update\nAdvisory ID: RHSA-2018:3681-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3681\nIssue date: 2018-11-27\nCVE Names: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845\n====================================================================\n1. Summary:\n\nAn update for rh-nginx114-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1). \n\nRed Hat would like to thank the Nginx project for reporting these issues. \n\n4. 
Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx114-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.4):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.5):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.6):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16843\nhttps://access.redhat.com/security/cve/CVE-2018-16844\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. 
\nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "BID", "id": "105868" }, { "db": "VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16844", "trust": 3.4 }, { "db": "BID", "id": "105868", "trust": 2.0 }, { "db": "SECTRACK", "id": "1042038", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-011776", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-120", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3384", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0451", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042571", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-127244", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-16844", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150214", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150480", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150481", "trust": 0.1 } ], "sources": [ { "db": 
"VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "id": "VAR-201811-0986", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-127244" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:39:52.652000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-4335", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "title": "USN-3812-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3812-1/" }, { "title": "CVE-2018-16843, CVE-2018-16844", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "title": "Nginx Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=86627" }, { "title": "Red Hat: Important: rh-nginx114-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183681 - security advisory" }, { "title": "Red Hat: Important: rh-nginx112-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183680 - security advisory" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3812-1" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347" }, { "title": "Red Hat: CVE-2018-16844", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-16844" }, { "title": "Amazon Linux AMI: ALAS-2018-1125", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1125" }, { "title": "anitazhaochen.github.io", "trust": 0.1, "url": "https://github.com/anitazhaochen/anitazhaochen.github.io " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "NVD", "id": "CVE-2018-16844" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844" }, { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "trust": 2.0, "url": "https://usn.ubuntu.com/3812-1/" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105868" 
}, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1042038" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16844" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3384/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75522" }, { "trust": 0.6, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10960610" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042571" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16843" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16844" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16845" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843" }, { "trust": 0.2, "url": 
"https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.2" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3812-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.15.5-0ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-07T00:00:00", "db": "VULHUB", "id": "VHN-127244" }, { "date": "2018-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-16844" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "date": "2018-11-12T16:57:53", "db": "PACKETSTORM", "id": "150253" }, { "date": "2018-11-07T17:35:27", "db": "PACKETSTORM", "id": "150214" }, { "date": "2018-11-27T17:24:35", "db": "PACKETSTORM", "id": "150480" }, { "date": "2018-11-27T17:24:48", "db": "PACKETSTORM", "id": "150481" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": 
"2018-11-07T14:29:00.837000", "db": "NVD", "id": "CVE-2018-16844" }, { "date": "2018-11-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-127244" }, { "date": "2022-02-22T00:00:00", "db": "VULMON", "id": "CVE-2018-16844" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "date": "2022-02-22T19:27:12.300000", "db": "NVD", "id": "CVE-2018-16844" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "150214" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerable to resource exhaustion", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011776" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-120" } ], "trust": 0.6 } }
var-200911-0310
Vulnerability from variot
src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. The 'nginx' program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High
Title: nginx: Multiple vulnerabilities
Date: March 28, 2012
Bugs: #293785, #293786, #293788, #389319, #408367
ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.14 >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- nginx does not properly sanitize user input for the WebDAV COPY or MOVE methods (CVE-2009-3898).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896
[ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898
[ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315
[ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
TITLE: Gentoo update for nginx
SECUNIA ADVISORY ID: SA48577
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48577/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
RELEASE DATE: 2012-03-28
DESCRIPTION: Gentoo has issued an update for nginx. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system.
For more information: SA36751 SA36818 SA37291 SA46798 SA48366
SOLUTION: Update to "www-servers/nginx-1.0.14" or later.
ORIGINAL ADVISORY: GLSA 201203-22: http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0310", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.32" }, { "model": "nginx", "scope": "eq", 
"trust": 1.0, "vendor": "f5", "version": "0.4.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.49" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.47" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.22" }, { "model": 
"nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.59" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.50" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": 
"0.3.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.51" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, 
"vendor": "f5", "version": "0.8.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.61" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.48" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.57" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.17" }, { "model": "nginx", "scope": 
"eq", "trust": 1.0, "vendor": "f5", "version": "0.3.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.46" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.54" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.61" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.46" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.30" }, { 
"model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.55" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.56" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.50" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.60" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", 
"version": "0.7.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.54" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.57" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.53" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.51" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.56" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.44" }, { "model": "nginx", "scope": "eq", 
"trust": 1.0, "vendor": "f5", "version": "0.3.49" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.47" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.55" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.7" }, { "model": 
"nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.52" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": 
"0.7.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.48" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.53" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.59" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, 
"vendor": "f5", "version": "0.3.52" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "nginx", "version": "0.6.1516" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.9" }, { "model": "nginx", 
"scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.60" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.58" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.40" }, { 
"model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.58" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.35" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.14" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.1.0 to 0.4.14" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.6.x" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7.x" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.6.39" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.5.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.5.38" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7.62" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.49" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.48" }, { "model": "nginx", "scope": "eq", "trust": 0.6, 
"vendor": "nginx", "version": "0.3.46" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.47" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.50" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.11" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.38" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.5.37" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.5" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.4.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.4.13" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.4" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": 
"debian", "version": "5.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", 
"version": "4.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" } ], "sources": [ { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.3.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.5.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nginx:nginx:0.6.1516:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.7.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.5.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.7.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.3.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.5.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:f5:nginx:0.7.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-3896" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jasson Bell", "sources": [ { 
"db": "BID", "id": "36839" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ], "trust": 0.9 }, "cve": "CVE-2009-3896", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-3896", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, 
"confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-41342", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-3896", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200911-243", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-41342", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. The \u0027nginx\u0027 program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* nginx does not properly sanitize user input for the the WebDAV COPY\n or MOVE methods (CVE-2009-3898). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the nginx process, cause a Denial of Service condition,\ncreate or overwrite arbitrary files, or obtain sensitive information. 
\n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. 
\nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nGentoo update for nginx\n\nSECUNIA ADVISORY ID:\nSA48577\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48577/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nRELEASE DATE:\n2012-03-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48577/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48577/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nGentoo has issued an update for nginx. This fixes a weakness, a\nsecurity issue, and multiple vulnerabilities, which can be exploited\nby malicious people to disclose certain sensitive information, bypass\ncertain security restrictions, cause a DoS (Denial of Service),\nmanipulate certain data, and potentially compromise a vulnerable\nsystem. \n\nFor more information:\nSA36751\nSA36818\nSA37291\nSA46798\nSA48366\n\nSOLUTION:\nUpdate to \"www-servers/nginx-1.0.14\" or later. 
\n\nORIGINAL ADVISORY:\nGLSA 201203-22:\nhttp://www.gentoo.org/security/en/glsa/glsa-201203-22.xml\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "BID", "id": "36839" }, { "db": "VULHUB", "id": "VHN-41342" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-3896", "trust": 2.9 }, { "db": "BID", "id": "36839", "trust": 2.0 }, { "db": "SECUNIA", "id": "48577", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/20/1", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/20/6", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/23/10", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2009-005107", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200911-243", "trust": 0.7 }, { "db": "SEEBUG", "id": "SSVID-87573", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-41342", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111273", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111263", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "id": "VAR-200911-0310", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": true, "sources": [ { "db": "VULHUB", "id": "VHN-41342" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:54:43.254000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005107" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "NVD", "id": "CVE-2009-3896" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/36839" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48577" }, { "trust": 1.7, "url": "http://www.debian.org/security/2009/dsa-1920" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/20/6" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" 
}, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "trust": 1.7, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz" }, { "trust": 1.7, "url": "http://sysoev.ru/nginx/patch.null.pointer.txt" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565" }, { "trust": 1.6, "url": "http://marc.info/?l=nginx\u0026m=125692080328141\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3896" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3896" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.1, "url": "http://marc.info/?l=nginx\u0026amp;m=125692080328141\u0026amp;w=2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { 
"db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-11-24T00:00:00", "db": "VULHUB", "id": "VHN-41342" }, { "date": "2009-10-27T00:00:00", "db": "BID", "id": "36839" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "date": "2012-03-29T02:37:12", "db": "PACKETSTORM", "id": "111273" }, { "date": "2012-03-28T06:36:19", "db": "PACKETSTORM", "id": "111263" }, { "date": "2009-11-24T17:30:00.377000", "db": "NVD", "id": "CVE-2009-3896" }, { "date": "2009-10-27T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-41342" }, { "date": "2015-04-13T20:25:00", "db": "BID", "id": "36839" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "date": "2021-11-10T15:52:55.747000", "db": "NVD", "id": "CVE-2009-3896" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200911-243" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of src/http/ngx_http_parse.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005107" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200911-243" } ], "trust": 0.6 } }
var-201602-0392
Vulnerability from variot
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Supplementary information: the vulnerability type has been identified as CWE-416: Use-after-free (use of freed memory). nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There is a use-after-free vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages.
Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update
Advisory ID: RHSA-2016:1425-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425
Issue date: 2016-07-14
CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
- A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. (CVE-2016-4450)
- It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)
- A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
- It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)

- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver
1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver
1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver
1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742
https://access.redhat.com/security/cve/CVE-2016-0746
https://access.redhat.com/security/cve/CVE-2016-0747
https://access.redhat.com/security/cve/CVE-2016-4450
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal
Title: nginx: Multiple vulnerabilities
Date: June 17, 2016
Bugs: #560854, #573046, #584744
ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587
[ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742
[ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746
[ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747
[ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
[ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5

Ubuntu Security Notice USN-2892-1
February 09, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10:
  nginx-core 1.9.3-1ubuntu1.1
  nginx-extras 1.9.3-1ubuntu1.1
  nginx-full 1.9.3-1ubuntu1.1
  nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS:
  nginx-core 1.4.6-1ubuntu3.4
  nginx-extras 1.4.6-1ubuntu3.4
  nginx-full 1.4.6-1ubuntu3.4
  nginx-light 1.4.6-1ubuntu3.4
  nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes.
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to version 1.21.0.
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
CVE-2017-7529
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0392", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.9.10" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "nginx", "scope": "lte", 
"trust": 1.0, "vendor": "f5", "version": "1.8.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.1" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.9.10" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.9.x" }, { "model": "leap", "scope": "eq", "trust": 0.8, "vendor": "novell", "version": "42.1" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "15.10" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "14.04 lts" }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "8.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.8" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.5" }, { 
"model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.7" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.9.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.6.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": 
"nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", 
"scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": 
"1.8.1" } ], "sources": [ { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.8.0", "versionStartIncluding": "0.6.18", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.9.10", "versionStartIncluding": "1.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-0746" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "82230" } ], "trust": 0.3 }, "cve": "CVE-2016-0746", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-0746", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-88256", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-0746", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2016-0746", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201602-058", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-88256", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-0746", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-88256" }, { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. 
Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. There is a use-after-free vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if\nthe \"resolver\" directive is used in a configuration file. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1. \n\nWe recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). \n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible\nfor saving client request body to a temporary file. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver\n1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver\n1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver\n1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2892-1\nFebruary 09, 2016\n\nnginx vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. 
\n(CVE-2016-0747)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.1\n nginx-extras 1.9.3-1ubuntu1.1\n nginx-full 1.9.3-1ubuntu1.1\n nginx-light 1.9.3-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.4\n nginx-extras 1.4.6-1ubuntu3.4\n nginx-full 1.4.6-1ubuntu3.4\n nginx-light 1.4.6-1ubuntu3.4\n nginx-naxsi 1.4.6-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "BID", "id": "82230" }, { "db": "VULHUB", "id": "VHN-88256" }, { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0746", "trust": 3.4 }, { "db": "SECTRACK", "id": "1034869", 
"trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001744", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201602-058", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "BID", "id": "82230", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-88256", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-0746", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135738", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137908", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137518", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135684", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88256" }, { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "id": "VAR-201602-0392", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-88256" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:15:54.978000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-3473", "trust": 0.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "title": "openSUSE-SU-2016:0371", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "title": "Bug 1302588", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588" }, { "title": 
"USN-2892-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2892-1/" }, { "title": "CVE-2016-0742, CVE-2016-0746, CVE-2016-0747", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "title": "nginx resolver Remediation measures for reusing vulnerabilities after release", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=60055" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2892-1" }, { "title": "Red Hat: CVE-2016-0746", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-0746" }, { "title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7" }, { "title": "Amazon Linux AMI: ALAS-2016-655", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-655" }, { "title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88256" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "NVD", "id": "CVE-2016-0746" } ] }, "references": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201606-06" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2016:1425" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2892-1" }, { "trust": 1.8, "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1034869" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0746" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0746" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053" }, { "trust": 0.3, "url": 
"http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237" }, { "trust": 0.3, "url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/416.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2892-1/" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/82230" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0742" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0747" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0746" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4450" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-88256" }, { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-88256" }, { "db": "VULMON", "id": "CVE-2016-0746" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0746" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-15T00:00:00", "db": "VULHUB", "id": "VHN-88256" }, { "date": "2016-02-15T00:00:00", "db": "VULMON", "id": "CVE-2016-0746" }, { "date": "2016-01-29T00:00:00", "db": "BID", "id": "82230" }, { "date": "2016-03-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "date": "2016-02-12T19:22:00", "db": "PACKETSTORM", "id": "135738" }, { "date": "2016-07-14T20:08:00", "db": "PACKETSTORM", "id": "137908" }, { "date": "2016-06-17T23:50:23", "db": "PACKETSTORM", "id": "137518" }, { "date": "2016-02-10T03:55:35", "db": "PACKETSTORM", "id": "135684" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2016-02-15T19:59:01.157000", "db": "NVD", "id": "CVE-2016-0746" }, 
{ "date": "2016-01-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-88256" }, { "date": "2021-09-22T00:00:00", "db": "VULMON", "id": "CVE-2016-0746" }, { "date": "2016-10-26T00:01:00", "db": "BID", "id": "82230" }, { "date": "2016-03-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001744" }, { "date": "2021-12-16T18:43:07.100000", "db": "NVD", "id": "CVE-2016-0746" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-058" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "CNNVD", "id": "CNNVD-201602-058" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001744" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201602-058" } ], "trust": 0.6 } }
var-201412-0610
Vulnerability from variot
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. Supplementary information: the vulnerability type has been identified as CWE-77: Improper Neutralization of Special Elements used in a Command (Command Injection). nginx is prone to a remote command-injection vulnerability. Attackers can exploit this issue to inject commands into SSL sessions and disclose sensitive information. Versions prior to nginx 1.6.1 and 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability stems from the fact that the program does not properly limit I/O buffering. The following versions are affected: nginx version 1.5.x, version 1.6.0, version 1.6.1, version 1.7.0 to version 1.7.3.
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04533567
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04533567
Version: 1
HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-01-10
Last Updated: 2015-01-10
Potential Security Impact: Remote disclosure of information, Denial of Service (DoS) and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP SSL for OpenVMS. These vulnerabilities could be remotely exploited to create a remote disclosure of information, Denial of Service, and other vulnerabilities.
References:
CVE-2014-3556 - cryptographic issues (CWE-310)
CVE-2014-3567 - remote Denial of Service (DoS) (CWE-20, CWE-399)
CVE-2014-3568 - cryptographic issues (CWE-310)
SSRT101779
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP SSL for OpenVMS - All versions prior to Version 1.4-495
BACKGROUND
CVSS 2.0 Base Metrics
Reference        Base Vector                     Base Score
CVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
CVE-2014-3567    (AV:N/AC:M/Au:N/C:N/I:N/A:C)    7.1
CVE-2014-3568    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP SSL Version 1.4-495 for OpenVMS is based on Open Source OpenSSL version 0.9.8zc and includes the latest security updates from OpenSSL.org.
HP has made the following patch kit available to resolve the vulnerabilities.
The HP SSL Version 1.4-495 for OpenVMS is available from the following locations:
OpenVMS HP SSL website: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
The HP SSL Version 1.4-495 for OpenVMS kits for both Integrity and Alpha platforms have been uploaded to HP Support Center website. Customers can access the kits from Patch Management page.
Go to https://h20566.www2.hp.com/portal/site/hpsc/patch/home/
Login using your HP Passport account
Search for the Patch Kit Name from the table below
HP SSL Version      OpenVMS Platform                 Patch Kit Name
V1.4-495 Alpha      OpenVMS V8.3, V8.4               HP-AXPVMS-SSL-V0104
V1.4-495 ITANIUM    OpenVMS V8.3, V8.3-1H1, V8.4     HP-I64VMS-SSL-V0104
HISTORY
Version:1 (rev.1) - 10 December 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0610", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.5.6" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.7.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.6.1" }, { 
"model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.5.x" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.7.x" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.6.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.3" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", 
"cpe_name": [], "versionEndExcluding": "1.6.1", "versionStartIncluding": "1.5.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.4", "versionStartIncluding": "1.7.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3556" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Chris Boulton", "sources": [ { "db": "BID", "id": "69111" } ], "trust": 0.3 }, "cve": "CVE-2014-3556", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", 
"baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-3556", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-71496", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3556", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201408-095", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-71496", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-71496" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411. This vulnerability CVE-2011-0411 It is a similar problem. 
Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. nginx is prone to a remote command-injection vulnerability. \nAttackers can exploit this issue to inject commands into SSL sessions and disclose sensitive information. \nVersions prior to nginx 1.6.1 and 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability stems from the fact that the program does not properly limit I/O buffering. The following versions are affected: nginx version 1.5.x, version 1.6.0, version 1.6.1, version 1.7.0 to version 1.7.3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04533567\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04533567\nVersion: 1\n\nHPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information,\nDenial of Service (DoS) and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-01-10\nLast Updated: 2015-01-10\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote disclosure of information, Denial of\nService (DoS) and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP SSL for\nOpenVMS. These vulnerabilities could be remotely exploited to create a remote\ndisclosure of information, Denial of Service, and other vulnerabilities. 
\n\nReferences:\n\nCVE-2014-3556 - cryptographic issues (CWE-310)\nCVE-2014-3567 - remote Denial of Service (DoS) (CWE-20, CWE-399)\nCVE-2014-3568 - cryptographic issues (CWE-310)\nSSRT101779\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS - All versions prior to Version 1.4-495\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP SSL Version 1.4-495 for OpenVMS is based on Open Source OpenSSL version\n0.9.8zc and includes the latest security updates from OpenSSL.org. \n\nHP has made the following patch kit available to resolve the vulnerabilities. \n\nThe HP SSL Version 1.4-495 for OpenVMS is available from the following\nlocations:\n\nOpenVMS HP SSL website:\nhttp://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nThe HP SSL Version 1.4-495 for OpenVMS kits for both Integrity and Alpha\nplatforms have been uploaded to HP Support Center website. Customers can\naccess the kits from Patch Management page. \n\nGo to https://h20566.www2.hp.com/portal/site/hpsc/patch/home/\n\nLogin using your HP Passport account\n\nSearch for the Patch Kit Name from the table below\n\nHP SSL Version OpenVMS\n Platform\n Patch Kit Name\n\nV1.4-495\n Alpha\n\nOpenVMS V8.3, V8.4\n HP-AXPVMS-SSL-V0104\n\nV1.4-495\n ITANIUM\n\nOpenVMS V8.3, V8.3-1H1, V8.4\n HP-I64VMS-SSL-V0104\n\nHISTORY\nVersion:1 (rev.1) - 10 December 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. 
\n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. 
Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlSwdq4ACgkQ4B86/C0qfVmlZgCg825/1F8UumLLhYt0pKaqeN5n\nFj0AoJvSKKRxuu+/ayOhqr97QoDWGTSX\n=ZBgU\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "BID", "id": "69111" }, { "db": "VULHUB", "id": "VHN-71496" }, { "db": "PACKETSTORM", "id": "129877" } ], "trust": 2.07 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-71496", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71496" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3556", "trust": 2.9 }, { "db": "JVNDB", "id": "JVNDB-2014-007439", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201408-095", "trust": 0.7 }, { "db": "BID", "id": "69111", "trust": 0.4 }, { "db": "PACKETSTORM", "id": "129877", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-71496", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71496" }, { "db": "BID", "id": "69111" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "PACKETSTORM", "id": "129877" }, { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "id": "VAR-201412-0610", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": 
[ { "db": "VULHUB", "id": "VHN-71496" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:13:03.115000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HPSBOV03227", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "title": "http://nginx.org/download/patch.2014.starttls.txt", "trust": 0.8, "url": "http://nginx.org/download/patch.2014.starttls.txt" }, { "title": "Bug 1126891", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891" }, { "title": "CVE-2014-3556", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" }, { "title": "nginx-1.6.1", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=53046" }, { "title": "nginx-1.7.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=53049" }, { "title": "nginx-1.7.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=53048" }, { "title": "nginx-1.6.1", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=53047" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71496" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "NVD", "id": "CVE-2014-3556" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://nginx.org/download/patch.2014.starttls.txt" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891" }, { "trust": 1.7, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3556" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3556" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142103967620673\u0026amp;w=2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home/" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3556" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71496" }, { "db": "BID", "id": "69111" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "PACKETSTORM", "id": "129877" }, { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-71496" }, { "db": "BID", "id": "69111" }, { "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "db": "PACKETSTORM", "id": 
"129877" }, { "db": "NVD", "id": "CVE-2014-3556" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-29T00:00:00", "db": "VULHUB", "id": "VHN-71496" }, { "date": "2014-08-07T00:00:00", "db": "BID", "id": "69111" }, { "date": "2015-01-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "date": "2015-01-12T17:14:20", "db": "PACKETSTORM", "id": "129877" }, { "date": "2014-12-29T20:59:03.943000", "db": "NVD", "id": "CVE-2014-3556" }, { "date": "2014-08-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-71496" }, { "date": "2014-08-07T00:00:00", "db": "BID", "id": "69111" }, { "date": "2015-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007439" }, { "date": "2021-11-10T15:59:33.300000", "db": "NVD", "id": "CVE-2014-3556" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-095" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "129877" }, { "db": "CNNVD", "id": "CNNVD-201408-095" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of SMTP proxy of mail/ngx_mail_smtp_handler.c of STARTTLS Encrypted in implementation SMTP Command injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007439" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-095" } ], "trust": 0.6 } }
var-201006-0492
Vulnerability from variot
nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. Nginx is prone to a denial-of-service vulnerability. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There are security holes in nginx
var-201404-0682
Vulnerability from variot
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. nginx SPDY Implementation 1.5.10 is vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev
var-201606-0476
Vulnerability from variot
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. Supplementary information: the CWE vulnerability type has been identified as CWE-476: NULL Pointer Dereference. nginx is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. nginx 1.3.9 through 1.11.0 are vulnerable. A security vulnerability exists in the os/unix/ngx_files.c file of nginx versions prior to 1.10.1 and versions 1.11.x prior to 1.11.1.

==========================================================================
Ubuntu Security Notice USN-2991-1
June 02, 2016
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
nginx could be made to crash if it received specially crafted network traffic.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS:
  nginx-core 1.10.0-0ubuntu0.16.04.2
  nginx-extras 1.10.0-0ubuntu0.16.04.2
  nginx-full 1.10.0-0ubuntu0.16.04.2
  nginx-light 1.10.0-0ubuntu0.16.04.2

Ubuntu 15.10:
  nginx-core 1.9.3-1ubuntu1.2
  nginx-extras 1.9.3-1ubuntu1.2
  nginx-full 1.9.3-1ubuntu1.2
  nginx-light 1.9.3-1ubuntu1.2

Ubuntu 14.04 LTS:
  nginx-core 1.4.6-1ubuntu3.5
  nginx-extras 1.4.6-1ubuntu3.5
  nginx-full 1.4.6-1ubuntu3.5
  nginx-light 1.4.6-1ubuntu3.5
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1). (CVE-2016-4450)
- It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)
- A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746)
- It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. (CVE-2016-0747)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742
https://access.redhat.com/security/cve/CVE-2016-0746
https://access.redhat.com/security/cve/CVE-2016-0747
https://access.redhat.com/security/cve/CVE-2016-4450
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal
Title: nginx: Multiple vulnerabilities
Date: June 17, 2016
Bugs: #560854, #573046, #584744
ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587
[ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742
[ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746
[ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747
[ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
[ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
For the stable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u2.
For the unstable distribution (sid), this problem has been fixed in version 1.10.1-1.
We recommend that you upgrade your nginx packages.
"http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" } ], "sources": [ { "db": "VULHUB", "id": "VHN-93269" }, { "db": "BID", "id": "90967" }, { "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "db": "PACKETSTORM", "id": "137296" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "137286" }, { "db": "NVD", "id": "CVE-2016-4450" }, { "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-93269" }, { "db": "BID", "id": "90967" }, { "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "db": "PACKETSTORM", "id": "137296" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "137286" }, { "db": "NVD", "id": "CVE-2016-4450" }, { "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-06-07T00:00:00", "db": "VULHUB", "id": "VHN-93269" }, { "date": "2016-05-31T00:00:00", "db": "BID", "id": "90967" }, { "date": "2016-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "date": "2016-06-02T16:24:00", "db": "PACKETSTORM", "id": "137296" }, { "date": "2016-07-14T20:08:00", "db": "PACKETSTORM", "id": "137908" }, { "date": "2016-06-17T23:50:23", "db": "PACKETSTORM", "id": "137518" }, { "date": 
"2016-06-01T23:31:23", "db": "PACKETSTORM", "id": "137286" }, { "date": "2016-06-07T14:06:14.200000", "db": "NVD", "id": "CVE-2016-4450" }, { "date": "2016-06-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-93269" }, { "date": "2016-10-26T00:19:00", "db": "BID", "id": "90967" }, { "date": "2016-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003032" }, { "date": "2021-11-10T16:00:48.823000", "db": "NVD", "id": "CVE-2016-4450" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201606-010" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "137296" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "CNNVD", "id": "CNNVD-201606-010" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of os/unix/ngx_files.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003032" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201606-010" } ], "trust": 0.6 } }
var-201112-0347
Vulnerability from variot
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. nginx is prone to a remote heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to nginx 1.0.10 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.
Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High
Title: nginx: Multiple vulnerabilities
Date: March 28, 2012
Bugs: #293785, #293786, #293788, #389319, #408367
ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
    Package              /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 1  www-servers/nginx       < 1.0.14        >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- nginx does not properly sanitize user input for the WebDAV COPY or MOVE methods (CVE-2009-3898).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896
[ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898
[ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315
[ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
TITLE: nginx DNS Response Handling Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46798
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46798/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46798
RELEASE DATE: 2011-11-17
DESCRIPTION: A vulnerability has been reported in nginx, which can be exploited by malicious people to potentially compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code but requires that the custom DNS resolver is enabled (disabled by default).
SOLUTION: Update to version 1.0.10.
PROVIDED AND/OR DISCOVERED BY: Ben Hawkes
ORIGINAL ADVISORY: nginx: http://nginx.org/en/CHANGES-1.0
Ben Hawkes: http://www.openwall.com/lists/oss-security/2011/11/17/8
This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47097" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47097/" }, { "trust": 0.1, "url": "https://hermes.opensuse.org/messages/12768388" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47097/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798" }, { "trust": 0.1, "url": "http://www.openwall.com/lists/oss-security/2011/11/17/8" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46798/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46798/#comments" }, { "trust": 0.1, "url": "http://nginx.org/en/changes-1.0" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/#comments" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml" } ], "sources": [ { "db": "VULHUB", "id": "VHN-52260" }, { "db": "BID", "id": "50710" }, { "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "107566" }, { "db": "PACKETSTORM", "id": "107076" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2011-4315" }, { "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, 
"data": [ { "db": "VULHUB", "id": "VHN-52260" }, { "db": "BID", "id": "50710" }, { "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "107566" }, { "db": "PACKETSTORM", "id": "107076" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2011-4315" }, { "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-12-08T00:00:00", "db": "VULHUB", "id": "VHN-52260" }, { "date": "2011-11-17T00:00:00", "db": "BID", "id": "50710" }, { "date": "2011-12-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "date": "2012-03-29T02:37:12", "db": "PACKETSTORM", "id": "111273" }, { "date": "2011-12-06T04:14:38", "db": "PACKETSTORM", "id": "107566" }, { "date": "2011-11-17T02:29:24", "db": "PACKETSTORM", "id": "107076" }, { "date": "2012-03-28T06:36:19", "db": "PACKETSTORM", "id": "111263" }, { "date": "2011-12-08T20:55:01", "db": "NVD", "id": "CVE-2011-4315" }, { "date": "2011-11-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-52260" }, { "date": "2015-04-13T21:13:00", "db": "BID", "id": "50710" }, { "date": "2011-12-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003324" }, { "date": "2021-11-10T15:54:43.753000", "db": "NVD", "id": "CVE-2011-4315" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201111-315" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201111-315" } ], "trust": 0.6 }, "title": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Heap-based buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003324" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201111-315" } ], "trust": 0.6 } }
var-201006-0493
Vulnerability from variot
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a widely used high-performance web server. It is often used as a reverse proxy and also has very good support for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial of service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. nginx 0.8.36 for Windows is vulnerable; other versions may also be affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201006-0493", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.7.52" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.7.66" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.8.0" }, { 
"model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "0.8.39" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7.66" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.40" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7" }, { "model": null, "scope": null, "trust": 0.6, "vendor": "no", "version": null }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.16" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.15" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.14" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.13" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.20" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.36" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.35" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.33" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.15" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, 
"vendor": "igor", "version": "0.8.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.65" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.64" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.62" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.8.41" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.7.66" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "BID", "id": "40760" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.66", "versionStartIncluding": "0.7.52", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.8.39", "versionStartIncluding": "0.8.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-2263" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dr_IDE Jose Antonio Vazquez Gonzalez", "sources": [ { "db": "CNNVD", "id": "CNNVD-201006-224" } ], "trust": 0.6 }, "cve": "CVE-2010-2263", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2010-2263", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": 
"CVE-2010-2263", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201006-224", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a high-performance web server that is widely used. It is not only often used as a reverse proxy, but also very well supported for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial of service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. 
\nnginx 0.8.36 for Windows is vulnerable; other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "BID", "id": "40760" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-2263", "trust": 2.7 }, { "db": "BID", "id": "40760", "trust": 2.5 }, { "db": "EXPLOIT-DB", "id": "13818", "trust": 1.6 }, { "db": "EXPLOIT-DB", "id": "13822", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2010-004869", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2010-1094", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201006-224", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "BID", "id": "40760" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "id": "VAR-201006-0493", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" } ] }, "last_update_date": "2023-12-18T12:31:33.369000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/" }, { "title": "Nginx remote source code leak and denial of service patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/454" }, { "title": "Vulnerabilities with Windows file default stream", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=3683" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html" }, { "trust": 1.6, "url": "http://www.exploit-db.com/exploits/13818" }, { "trust": 1.6, "url": "http://www.exploit-db.com/exploits/13822" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/40760" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2263" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2263" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/40760/" }, { "trust": 0.3, "url": "http://nginx.org/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "BID", "id": "40760" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, 
"sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2010-1094" }, { "db": "BID", "id": "40760" }, { "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "db": "NVD", "id": "CVE-2010-2263" }, { "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2010-1094" }, { "date": "2010-06-11T00:00:00", "db": "BID", "id": "40760" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "date": "2010-06-15T14:04:24.313000", "db": "NVD", "id": "CVE-2010-2263" }, { "date": "2010-06-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2010-1094" }, { "date": "2015-04-13T21:02:00", "db": "BID", "id": "40760" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-004869" }, { "date": "2021-11-10T15:52:53.917000", "db": "NVD", "id": "CVE-2010-2263" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201006-224" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201006-224" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerabilities in which source code is obtained", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-004869" } ], "trust": 0.8 }, "type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201006-224" } ], "trust": 0.6 } }
var-201403-0548
Vulnerability from variot
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. nginx is prone to a heap-based buffer-overflow vulnerability. Successful exploitation of this issue allows an attacker to execute arbitrary code in the context of the application; failed exploit attempts may lead to denial-of-service. nginx 1.3.15 through 1.4.7 and 1.5.0 through 1.5.12 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.
Gentoo Linux Security Advisory GLSA 201406-20
http://security.gentoo.org/
Severity: Normal
Title: nginx: Arbitrary code execution
Date: June 22, 2014
Bugs: #505018
ID: 201406-20
Synopsis
A vulnerability has been found in nginx which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server. The SPDY implementation is not enabled in default configurations.
Workaround
Disable the spdy module in NGINX_MODULES_HTTP.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.7"
References
[ 1 ] CVE-2014-0133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-20.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position (CVE-2014-3616).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616
http://advisories.mageia.org/MGASA-2014-0136.html
http://advisories.mageia.org/MGASA-2014-0427.html
Updated Packages:
Mandriva Business Server 2/X86_64:
f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm
36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0548", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "opensuse", "scope": "eq", "trust": 1.4, "vendor": "novell", "version": "13.1" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.3.15" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.5.11" }, 
{ "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.4.7" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.5.0" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.5.12" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.5.x" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.4.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null } ], "sources": [ { "db": "BID", "id": "66537" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { 
"CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.7", "versionStartIncluding": "1.3.15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.5.11", "versionStartIncluding": "1.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0133" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lucas Molas", "sources": [ { "db": "BID", "id": "66537" } ], "trust": 0.3 }, "cve": "CVE-2014-0133", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", 
"obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-0133", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-67626", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0133", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0133", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201403-536", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-67626", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-67626" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote 
attackers to execute arbitrary code via a crafted request. nginx is prone to a heap-based buffer-overflow vulnerability. \nSuccessful exploitation of this issue allow an attacker to execute arbitrary code in the context of the application, failed exploit attempts may lead to denial-of-service. \nnginx 1.3.15 through 1.4.7 and 1.5.0 through 1.5.12 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201406-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Arbitrary code execution\n Date: June 22, 2014\n Bugs: #505018\n ID: 201406-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been found in nginx which may allow execution of\narbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. The SPDY implementation is not enabled in default\nconfigurations. \n\nWorkaround\n==========\n\nDisable the spdy module in NGINX_MODULES_HTTP. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0133\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-20.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. 
Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\n it was possible to reuse cached SSL sessions in unrelated contexts,\n allowing virtual host confusion attacks in some configurations by an\n attacker in a privileged network position (CVE-2014-3616). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616\n http://advisories.mageia.org/MGASA-2014-0136.html\n http://advisories.mageia.org/MGASA-2014-0427.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm \n 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFnUlmqjQ0CJFipgRAvneAJ0evtNmMhS+lWltq9051wHRR6vuDgCg3BW0\nx8jC+tKifZWs8shTG2EYzgo=\n=oIRY\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "BID", "id": "66537" }, { "db": "VULHUB", "id": "VHN-67626" }, { "db": "PACKETSTORM", "id": "127175" }, { "db": "PACKETSTORM", "id": "131099" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0133", "trust": 3.0 }, { "db": "BID", "id": "66537", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2014-001833", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201403-536", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "127175", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "131099", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-67626", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-67626" }, { "db": "BID", "id": "66537" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "PACKETSTORM", "id": "127175" }, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "id": "VAR-201403-0548", "iot": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-67626" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:51:48.213000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "openSUSE-SU-2014:0450", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html" }, { "title": "CVE-2014-0133", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" }, { "title": "nginx-1.4.7-3.9.1.x86_64", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48927" }, { "title": "nginx-1.4.7-3.9.1.src", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48926" }, { "title": "nginx-1.5.12", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48924" }, { "title": "nginx-1.4.7", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48923" }, { "title": "nginx-1.4.7", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48922" }, { "title": "nginx-1.5.12", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48925" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-67626" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "NVD", "id": "CVE-2014-0133" } ] }, "references": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/66537" }, { "trust": 1.7, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0133" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0133" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0133" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201406-20.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0133" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0136.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3616" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0427.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3616" } ], "sources": [ { "db": "VULHUB", "id": "VHN-67626" }, { "db": "BID", "id": "66537" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "PACKETSTORM", "id": "127175" }, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-67626" }, { "db": "BID", "id": "66537" }, { "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "db": "PACKETSTORM", "id": "127175" }, { "db": "PACKETSTORM", "id": "131099" }, { "db": "NVD", "id": "CVE-2014-0133" }, { "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-03-28T00:00:00", "db": "VULHUB", "id": "VHN-67626" }, { "date": "2014-03-18T00:00:00", "db": "BID", "id": "66537" }, { "date": "2014-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "date": "2014-06-24T00:56:14", "db": "PACKETSTORM", "id": "127175" }, { "date": "2015-03-30T21:26:01", "db": "PACKETSTORM", "id": "131099" }, { "date": "2014-03-28T15:55:08.607000", "db": "NVD", "id": "CVE-2014-0133" }, { "date": "2014-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, 
"data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-67626" }, { "date": "2014-06-23T06:45:00", "db": "BID", "id": "66537" }, { "date": "2014-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001833" }, { "date": "2021-11-10T15:59:33.583000", "db": "NVD", "id": "CVE-2014-0133" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-536" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201403-536" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of SPDY Implementation of heap-based buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001833" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201403-536" } ], "trust": 0.6 } }
var-200909-0576
Vulnerability from variot
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. The nginx web server contains a buffer underrun vulnerability. nginx is an HTTP server and mail proxy server offered for various platforms. There is a flaw in the ngx_http_parse_complex_uri() function, and a buffer underrun may occur when it processes a crafted URI. nginx consists of a privileged master process and an unprivileged worker process. A remote third party may be able to execute arbitrary code with the privileges of a worker process or cause a denial of service (DoS). The 'nginx' program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx / < 0.7.62 / >= 0.5.38, >= 0.6.39, >= 0.7.62
Description
Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. NOTE: By default, nginx runs as the "nginx" user.
Workaround
There is no known workaround at this time.
Resolution
All nginx 0.5.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38
All nginx 0.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39
All nginx 0.7.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62
References
[ 1 ] CVE-2009-2629 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200909-18.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Debian Security Advisory DSA-1884-1 security@debian.org
http://www.debian.org/security/ Nico Golde
September 14th, 2009 http://www.debian.org/security/faq
Package : nginx
Vulnerability : buffer underflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-2629
Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests.
For the oldstable distribution (etch), this problem has been fixed in version 0.4.13-2+etch2.
For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 0.7.61-3.
We recommend that you upgrade your nginx packages.
Upgrade instructions
wget url will fetch the file for you
dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database
apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Debian (oldstable)
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200909-0576", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.3, "vendor": "debian", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "12" 
}, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.8.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "4.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "11" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "10" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.5.38" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.7.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.7.62" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.1.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.6.39" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "0.8.15" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.6.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nginx", "version": null }, { "model": "nginx", "scope": "lte", "trust": 0.8, "vendor": "igor sysoev", "version": "0.1.0 from 0.5.37" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.6.39 earlier" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7.62 earlier" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.15 earlier" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.8" }, { "model": "nginx", "scope": "eq", "trust": 
0.6, "vendor": "nginx", "version": "0.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.1.10" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.38" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.5.37" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", 
"version": "5.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.8.15" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.7.62" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.6.39" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "0.5.38" } ], "sources": [ { "db": "CERT/CC", "id": "VU#180065" }, { "db": "BID", "id": "36384" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "NVD", "id": "CVE-2009-2629" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "configurations": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.5.38", "versionStartIncluding": "0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6.39", "versionStartIncluding": "0.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.62", "versionStartIncluding": "0.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.8.15", "versionStartIncluding": "0.8.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-2629" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Chris Ries", "sources": [ { "db": "BID", "id": "36384" }, { "db": 
"CNNVD", "id": "CNNVD-200909-302" } ], "trust": 0.9 }, "cve": "CVE-2009-2629", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-2629", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", 
"exploitabilityScore": 10.0, "id": "VHN-40075", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-2629", "trust": 1.8, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#180065", "trust": 0.8, "value": "4.22" }, { "author": "CNNVD", "id": "CNNVD-200909-302", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-40075", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#180065" }, { "db": "VULHUB", "id": "VHN-40075" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "NVD", "id": "CVE-2009-2629" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The \u0027nginx\u0027 program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. 
\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 0.7.62 *\u003e= 0.5.38\n *\u003e= 0.6.39\n \u003e= 0.7.62\n\nDescription\n===========\n\nChris Ries reported a heap-based buffer underflow in the\nngx_http_parse_complex_uri() function in http/ngx_http_parse.c when\nparsing the request URI. NOTE: By default, nginx runs as the \"nginx\" user. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx 0.5.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38\n\nAll nginx 0.6.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39\n\nAll nginx 0.7.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62\n\nReferences\n==========\n\n [ 1 ] CVE-2009-2629\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200909-18.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1884-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nSeptember 14th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : nginx\nVulnerability : buffer underflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-2629\n\nChris Ries discovered that nginx, a high-performance HTTP server, reverse\nproxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when\nprocessing certain HTTP requests. \n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.4.13-2+etch2. \n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.6.32-3+lenny2. \n\nFor the testing distribution (squeeze), this problem will be fixed soon. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.7.61-3. \n\n\nWe recommend that you upgrade your nginx packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. 
\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz\n Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz\n Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc\n Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb\n Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb\n Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb\n Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb\n Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb\n Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb\n Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb\n Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb\n Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060\n\npowerpc architecture (PowerPC)\n\n 
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb\n Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb\n Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb\n Size/MD5 checksum: 185032 15212749985501b223af7888447fc433\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc\n Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz\n Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz\n Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb\n Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb\n Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb\n Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb\n Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19\n\ni386 architecture (Intel ia32)\n\n 
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb\n Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb\n Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb\n Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb\n Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb\n Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb\n Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064\n\n\n These files will probably be moved into the stable distribution on\n its next update. 
\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl\npZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH\n=Xrul\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2009-2629" }, { "db": "CERT/CC", "id": "VU#180065" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "BID", "id": "36384" }, { "db": "VULHUB", "id": "VHN-40075" }, { "db": "PACKETSTORM", "id": "81454" }, { "db": "PACKETSTORM", "id": "81284" } ], "trust": 2.88 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-40075", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-40075" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#180065", "trust": 3.6 }, { "db": "NVD", "id": "CVE-2009-2629", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2009-002152", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200909-302", "trust": 0.7 }, { "db": "BID", "id": "36384", "trust": 0.4 }, { "db": "PACKETSTORM", "id": "81454", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "81284", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-87569", "trust": 0.1 }, { 
"db": "SEEBUG", "id": "SSVID-69732", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "14830", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-40075", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#180065" }, { "db": "VULHUB", "id": "VHN-40075" }, { "db": "BID", "id": "36384" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "PACKETSTORM", "id": "81454" }, { "db": "PACKETSTORM", "id": "81284" }, { "db": "NVD", "id": "CVE-2009-2629" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "id": "VAR-200909-0576", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-40075" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:58:03.931000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://nginx.net/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002152" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-40075" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "NVD", "id": "CVE-2009-2629" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.kb.cert.org/vuls/id/180065" }, { "trust": 2.5, "url": 
"http://www.debian.org/security/2009/dsa-1884" }, { "trust": 2.0, "url": "http://nginx.net/changes-0.5" }, { "trust": 2.0, "url": "http://nginx.net/changes-0.6" }, { "trust": 2.0, "url": "http://nginx.net/changes-0.7" }, { "trust": 1.7, "url": "http://sysoev.ru/nginx/patch.180065.txt" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html" }, { "trust": 1.4, "url": "http://nginx.net/changes" }, { "trust": 0.9, "url": "http://security.gentoo.org/glsa/glsa-200909-18.xml" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2629" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu180065/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2629" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2629" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb" } ], "sources": [ { "db": "CERT/CC", "id": "VU#180065" }, { "db": "VULHUB", "id": "VHN-40075" }, { "db": "BID", "id": "36384" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "PACKETSTORM", "id": "81454" }, { "db": "PACKETSTORM", "id": "81284" }, { "db": "NVD", "id": "CVE-2009-2629" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#180065" }, { "db": "VULHUB", "id": "VHN-40075" }, { "db": "BID", "id": "36384" }, { "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "db": "PACKETSTORM", "id": "81454" }, { "db": "PACKETSTORM", "id": "81284" }, { "db": "NVD", 
"id": "CVE-2009-2629" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-15T00:00:00", "db": "CERT/CC", "id": "VU#180065" }, { "date": "2009-09-15T00:00:00", "db": "VULHUB", "id": "VHN-40075" }, { "date": "2009-09-14T00:00:00", "db": "BID", "id": "36384" }, { "date": "2009-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "date": "2009-09-19T16:50:46", "db": "PACKETSTORM", "id": "81454" }, { "date": "2009-09-15T04:05:55", "db": "PACKETSTORM", "id": "81284" }, { "date": "2009-09-15T22:30:00.233000", "db": "NVD", "id": "CVE-2009-2629" }, { "date": "2009-09-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-21T00:00:00", "db": "CERT/CC", "id": "VU#180065" }, { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-40075" }, { "date": "2015-05-07T17:02:00", "db": "BID", "id": "36384" }, { "date": "2009-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-002152" }, { "date": "2021-11-10T15:52:54.030000", "db": "NVD", "id": "CVE-2009-2629" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200909-302" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "81454" }, { "db": "CNNVD", "id": "CNNVD-200909-302" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability", "sources": [ { "db": 
"CERT/CC", "id": "VU#180065" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200909-302" } ], "trust": 0.6 } }
var-201307-0483
Vulnerability from variot
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. nginx is prone to a stack-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. The issue is fixed in nginx 1.4.1 and 1.5.0. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A denial of service vulnerability exists in the 'ngx_http_parse_chunked' function in http/ngx_http_parse.c in nginx versions 1.3.9 to 1.4.0.
Gentoo Linux Security Advisory GLSA 201310-04
http://security.gentoo.org/
Severity: Normal
Title: nginx: Multiple vulnerabilities
Date: October 06, 2013
Bugs: #458726, #468870
ID: 201310-04
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Furthermore, a context-dependent attacker may be able to obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
References
[ 1 ] CVE-2013-0337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337
[ 2 ] CVE-2013-2028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028
[ 3 ] CVE-2013-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
From: Maxim Dounin mdounin at mdounin.ru Tue May 7 11:30:26 UTC 2013
Hello!
Greg MacManus, of iSIGHT Partners Labs, found a security problem in several recent versions of nginx.
Patch for the problem can be found here:
http://nginx.org/download/patch.2013.chunked.txt
As a temporary workaround the following configuration can be used in each server{} block:
    if ($http_transfer_encoding ~* chunked) {
        return 444;
    }
-- Maxim Dounin http://nginx.org/en/donation.html
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0483", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "19" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.3.9" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.4.0" 
}, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.3.9 to 1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.4.0" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.4.4" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.3.9" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "1.5.7" }, { "model": "sysoev nginx", "scope": "ne", "trust": 0.3, "vendor": "igor", "version": "1.4.1" } ], "sources": [ { "db": "BID", "id": "59699" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.4.0", "versionStartIncluding": "1.3.9", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-2028" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "Greg MacManus of iSIGHT Partners Labs", "sources": [ { "db": "BID", "id": "59699" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ], "trust": 0.9 }, "cve": "CVE-2013-2028", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2013-2028", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": 
"NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-62030", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-2028", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201305-143", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-62030", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2013-2028", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. nginx is prone to a stack-based buffer-overflow vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \nThe issue is fixed in nginx 1.4.1 and 1.5.0. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. 
A denial of service vulnerability exists in the \u0027ngx_http_parse_chunked\u0027 function in http/ngx_http_parse.c in nginx versions 1.3.9 to 1.4.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: October 06, 2013\n Bugs: #458726, #468870\n ID: 201310-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.4.1-r2 \u003e= 1.4.1-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could send a specially crafted request, possibly\nresulting in execution of arbitrary code with the privileges of the\nprocess, or a Denial of Service condition. Furthermore, a\ncontext-dependent attacker may be able to obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-0337\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337\n[ 2 ] CVE-2013-2028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028\n[ 3 ] CVE-2013-2070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. From: Maxim Dounin mdounin at mdounin.ru\nTue May 7 11:30:26 UTC 2013\n\nHello!\n\nGreg MacManus, of iSIGHT Partners Labs, found a security problem\nin several recent versions of nginx. 
\n\nPatch for the problem can be found here:\n\nhttp://nginx.org/download/patch.2013.chunked.txt\n\nAs a temporary workaround the following configuration\ncan be used in each server{} block:\n\n if ($http_transfer_encoding ~* chunked) {\n return 444;\n }\n\n\n-- \nMaxim Dounin\nhttp://nginx.org/en/donation.html\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "BID", "id": "59699" }, { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "121560" } ], "trust": 2.25 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=25499", "trust": 0.4, "type": "exploit" }, { "reference": "https://www.scap.org.cn/vuln/vhn-62030", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-2028", "trust": 3.1 }, { "db": "BID", "id": "59699", "trust": 2.1 }, { "db": "PACKETSTORM", "id": "121675", "trust": 1.8 }, { "db": "SECUNIA", "id": "55181", "trust": 1.8 }, { "db": "OSVDB", "id": "93037", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2013-003473", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201305-143", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "121560", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "25499", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "125758", "trust": 0.1 }, { "db": "PACKETSTORM", 
"id": "121712", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "122477", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "26737", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "25775", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "32277", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-85572", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-79430", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-79160", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-80363", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-62030", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2013-2028", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123516", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "BID", "id": "59699" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "121560" }, { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "id": "VAR-201307-0483", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-62030" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:22:29.143000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "GLSA 201310-04", "trust": 0.8, "url": "http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml" }, { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/ja/" }, { "title": "CVE-2013-2028", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" }, { "title": "nginx \u0027ngx_http_parse.c\u0027 Repair measures for stack buffer error vulnerability", "trust": 0.6, "url": 
"http://123.124.177.30/web/xxk/bdxqbyid.tag?id=134168" }, { "title": "nginxpwn", "trust": 0.1, "url": "https://github.com/kitctf/nginxpwn " }, { "title": "hack4career", "trust": 0.1, "url": "https://github.com/mertsarica/hack4career " }, { "title": "docker-cve-2013-2028", "trust": 0.1, "url": "https://github.com/mambroziak/docker-cve-2013-2028 " }, { "title": "nginx-1.4.0", "trust": 0.1, "url": "https://github.com/danghvu/nginx-1.4.0 " }, { "title": "zeus-software-security", "trust": 0.1, "url": "https://github.com/alexgeunholee/zeus-software-security " }, { "title": "nginxhack", "trust": 0.1, "url": "https://github.com/jptr218/nginxhack " }, { "title": "non-controlflow-hijacking-datasets", "trust": 0.1, "url": "https://github.com/camel-clarkson/non-controlflow-hijacking-datasets " }, { "title": "exploit-development-case-studies", "trust": 0.1, "url": "https://github.com/dyjakan/exploit-development-case-studies " }, { "title": "LinuxFlaw", "trust": 0.1, "url": "https://github.com/mudongliang/linuxflaw " } ], "sources": [ { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-189", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "NVD", "id": "CVE-2013-2028" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://www.securityfocus.com/bid/59699" }, { "trust": 1.9, "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" 
}, { "trust": 1.9, "url": "http://nginx.org/download/patch.2013.chunked.txt" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-may/105176.html" }, { "trust": 1.8, "url": "http://packetstormsecurity.com/files/121675/nginx-1.3.9-1.4.0-denial-of-service.html" }, { "trust": 1.8, "url": "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/" }, { "trust": 1.8, "url": "https://github.com/rapid7/metasploit-framework/pull/1834" }, { "trust": 1.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" }, { "trust": 1.8, "url": "http://www.osvdb.org/93037" }, { "trust": 1.8, "url": "http://secunia.com/advisories/55181" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2028" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2028" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://int3pids.blogspot.com.es/2013/07/nginx-reliable-explotation-through.html" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2013/q2/290" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2028" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/kitctf/nginxpwn" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/25499/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0337" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0337" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2028" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2070" }, { "trust": 0.1, "url": "http://nginx.org/en/donation.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "BID", "id": "59699" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "121560" }, { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-62030" }, { "db": "VULMON", "id": "CVE-2013-2028" }, { "db": "BID", "id": "59699" }, { "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "db": "PACKETSTORM", "id": "123516" }, { "db": "PACKETSTORM", "id": "121560" }, { "db": "NVD", "id": "CVE-2013-2028" }, { "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-07-20T00:00:00", "db": "VULHUB", "id": "VHN-62030" }, { "date": "2013-07-20T00:00:00", "db": "VULMON", "id": "CVE-2013-2028" }, { "date": "2013-05-07T00:00:00", "db": "BID", "id": "59699" }, { "date": "2013-07-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "date": "2013-10-07T22:29:42", "db": "PACKETSTORM", "id": "123516" }, { "date": "2013-05-08T02:43:02", "db": "PACKETSTORM", "id": "121560" }, { "date": "2013-07-20T03:37:20.730000", "db": "NVD", "id": "CVE-2013-2028" }, { "date": "2013-05-14T00:00:00", 
"db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-62030" }, { "date": "2021-11-10T00:00:00", "db": "VULMON", "id": "CVE-2013-2028" }, { "date": "2015-04-13T21:40:00", "db": "BID", "id": "59699" }, { "date": "2013-11-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003473" }, { "date": "2021-11-10T15:59:33.553000", "db": "NVD", "id": "CVE-2013-2028" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201305-143" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201305-143" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of http/ngx_http_parse.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003473" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201305-143" } ], "trust": 0.6 } }
var-200911-0311
Vulnerability from variot
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. nginx of src/http/modules/ngx_http_dav_module.c Contains a directory traversal vulnerability. By a remotely authenticated user WebDAV (1) COPY Or (2) MOVE To the method .. The 'nginx' program is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings ('../') to overwrite arbitrary files outside the root directory. These issues affect nginx 0.7.61 and 0.7.62; other versions may also be affected.
TITLE: nginx WebDAV Directory Traversal Security Issue
SECUNIA ADVISORY ID: SA36818
VERIFY ADVISORY: http://secunia.com/advisories/36818/
DESCRIPTION: A security issue has been discovered in nginx, which can be exploited by malicious people to bypass certain security restrictions.
Successful exploitation requires that the server has been compiled with the http_dav_module and that the attacker is allowed to use the "MOVE" or "COPY" methods.
The security issue is reported in version 0.7.61 and confirmed in version 0.7.62.
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Kingcope
ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html
Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High
Title: nginx: Multiple vulnerabilities
Date: March 28, 2012
Bugs: #293785, #293786, #293788, #389319, #408367
ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
      1  www-servers/nginx        < 1.0.14                   >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 2 ] CVE-2009-3896
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896
[ 3 ] CVE-2009-3898
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898
[ 4 ] CVE-2011-4315
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315
[ 5 ] CVE-2012-1180
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
TITLE: Gentoo update for nginx
SECUNIA ADVISORY ID: SA48577
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48577/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
RELEASE DATE: 2012-03-28
DESCRIPTION: Gentoo has issued an update for nginx.
For more information: SA36751 SA36818 SA37291 SA46798 SA48366
SOLUTION: Update to "www-servers/nginx-1.0.14" or later
"model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.46" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.54" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.61" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", 
"version": "0.3.46" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.55" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.56" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.50" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.60" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, 
"vendor": "f5", "version": "0.7.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.54" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.57" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.53" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.51" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.56" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.15" }, { "model": "nginx", 
"scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.49" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.47" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.55" }, { 
"model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.52" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", 
"version": "0.5.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.48" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.53" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.59" }, { "model": "nginx", "scope": "eq", "trust": 
1.0, "vendor": "f5", "version": "0.5.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.52" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.13" }, { "model": "nginx", 
"scope": "eq", "trust": 1.0, "vendor": "nginx", "version": "0.6.1516" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.60" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.58" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.18" }, 
{ "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.58" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.35" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.17" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.16" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.15" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.6.35" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.6.32" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.7.62" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.62" }, { "model": 
"sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null } ], "sources": [ { "db": "BID", "id": "36490" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.18:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.25:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.31:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.7.62", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.0:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.0:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.31:*:*:*:*:*:*:*", "cpe_name": 
[], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.18:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.8:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.2:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.9:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nginx:nginx:0.6.1516:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-3898" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kingcope", "sources": [ { "db": "BID", "id": "36490" } ], "trust": 0.3 }, "cve": "CVE-2009-3898", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.9, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-3898", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", 
"author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "VHN-41344", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-3898", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200911-245", "trust": 0.6, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-41344", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-41344" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. nginx of src/http/modules/ngx_http_dav_module.c Contains a directory traversal vulnerability.By a remotely authenticated user WebDAV (1) COPY Or (2) MOVE To the method .. The \u0027nginx\u0027 program is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. \nAn attacker can exploit these issues using directory-traversal strings (\u0027../\u0027) to overwrite arbitrary files outside the root directory. \nThese issues affect nginx 0.7.61 and 0.7.62; other versions may also be affected. 
----------------------------------------------------------------------\n\nTITLE:\nnginx WebDAV Directory Traversal Security Issue\n\nSECUNIA ADVISORY ID:\nSA36818\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36818/\n\nDESCRIPTION:\nA security issue has been discovered in nginx, which can be exploited\nby malicious people to bypass certain security restrictions. \n\nSuccessful exploitation requires that the server has been compiled\nwith the http_dav_module and that the attacker is allowed to use the\n\"MOVE\" or \"COPY\" methods. \n\nThe security issue is reported in version 0.7.61 and confirmed in\nversion 0.7.62. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nKingcope\n\nORIGINAL ADVISORY:\nhttp://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html\n\n----------------------------------------------------------------------\n\n\n.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). 
\n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the nginx process, cause a Denial of Service condition,\ncreate or overwrite arbitrary files, or obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nTITLE:\nGentoo update for nginx\n\nSECUNIA ADVISORY ID:\nSA48577\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48577/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nRELEASE DATE:\n2012-03-28\n\nDESCRIPTION:\nGentoo has issued an update for nginx. 
\n\nFor more information:\nSA36751\nSA36818\nSA37291\nSA46798\nSA48366\n\nSOLUTION:\nUpdate to \"www-servers/nginx-1.0.14\" or later", "sources": [ { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "BID", "id": "36490" }, { "db": "VULHUB", "id": "VHN-41344" }, { "db": "PACKETSTORM", "id": "81568" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" } ], "trust": 2.25 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-41344", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41344" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-3898", "trust": 2.9 }, { "db": "SECUNIA", "id": "36818", "trust": 1.8 }, { "db": "SECUNIA", "id": "48577", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/20/1", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/23/10", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2009-005108", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200911-245", "trust": 0.7 }, { "db": "BID", "id": "36490", "trust": 0.4 }, { "db": "SEEBUG", "id": "SSVID-87572", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-66932", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "9829", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-41344", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "81568", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111273", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111263", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41344" }, { "db": 
"BID", "id": "36490" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "PACKETSTORM", "id": "81568" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "id": "VAR-200911-0311", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-41344" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:26:44.750000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005108" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41344" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "NVD", "id": "CVE-2009-3898" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "trust": 1.7, "url": 
"http://secunia.com/advisories/36818" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48577" }, { "trust": 1.6, "url": "http://marc.info/?l=oss-security\u0026m=125897327321676\u0026w=2" }, { "trust": 1.6, "url": "http://marc.info/?l=oss-security\u0026m=125897425223039\u0026w=2" }, { "trust": 1.6, "url": "http://marc.info/?l=oss-security\u0026m=125900327409842\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3898" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3898" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "/archive/1/506662" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://marc.info/?l=oss-security\u0026amp;m=125897327321676\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=oss-security\u0026amp;m=125897425223039\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=oss-security\u0026amp;m=125900327409842\u0026amp;w=2" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/36818/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41344" }, { "db": "BID", "id": "36490" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "PACKETSTORM", "id": "81568" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-41344" }, { "db": "BID", "id": "36490" }, { "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "db": "PACKETSTORM", "id": "81568" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3898" }, { "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": 
{ "@container": "@list" } }, "data": [ { "date": "2009-11-24T00:00:00", "db": "VULHUB", "id": "VHN-41344" }, { "date": "2009-09-23T00:00:00", "db": "BID", "id": "36490" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "date": "2009-09-23T05:54:46", "db": "PACKETSTORM", "id": "81568" }, { "date": "2012-03-29T02:37:12", "db": "PACKETSTORM", "id": "111273" }, { "date": "2012-03-28T06:36:19", "db": "PACKETSTORM", "id": "111263" }, { "date": "2009-11-24T17:30:00.437000", "db": "NVD", "id": "CVE-2009-3898" }, { "date": "2009-11-24T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-41344" }, { "date": "2012-03-28T21:30:00", "db": "BID", "id": "36490" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005108" }, { "date": "2021-11-10T15:52:55.790000", "db": "NVD", "id": "CVE-2009-3898" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-245" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200911-245" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of src/http/modules/ngx_http_dav_module.c Vulnerable to directory traversal", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005108" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { 
"db": "CNNVD", "id": "CNNVD-200911-245" } ], "trust": 0.6 } }
var-201602-0391
Vulnerability from variot
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There is a security vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. The vulnerability stems from the fact that the program does not limit CNAME resolution. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages.
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update
Advisory ID: RHSA-2016:1425-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425
Issue date: 2016-07-14
CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450
=====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
* A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash. (CVE-2016-4450)
* It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)
* A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
* It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver
1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver
1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver
1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742
https://access.redhat.com/security/cve/CVE-2016-0746
https://access.redhat.com/security/cve/CVE-2016-0747
https://access.redhat.com/security/cve/CVE-2016-4450
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal
Title: nginx: Multiple vulnerabilities
Date: June 17, 2016
Bugs: #560854, #573046, #584744
ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587
[ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742
[ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746
[ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747
[ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
[ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
============================================================================
Ubuntu Security Notice USN-2892-1
February 09, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10:
  nginx-core 1.9.3-1ubuntu1.1
  nginx-extras 1.9.3-1ubuntu1.1
  nginx-full 1.9.3-1ubuntu1.1
  nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS:
  nginx-core 1.4.6-1ubuntu3.4
  nginx-extras 1.4.6-1ubuntu3.4
  nginx-full 1.4.6-1ubuntu3.4
  nginx-light 1.4.6-1ubuntu3.4
  nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes.
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to version 1.21.0.
CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0391", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "8.0" }, { "model": "leap", "scope": "eq", "trust": 1.4, "vendor": "novell", "version": "42.1" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.0" }, { "model": "nginx", "scope": "lt", 
"trust": 1.0, "vendor": "f5", "version": "1.9.10" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.8.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.1" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.9.10" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.9.x" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "15.10" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "14.04 lts" }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "8.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "0.6.18" }, { 
"model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": 
"nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", 
"scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" } ], "sources": [ { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.1", "versionStartIncluding": "0.6.18", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.9.10", "versionStartIncluding": "1.9.0", 
"vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-0747" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "82230" } ], "trust": 0.3 }, "cve": "CVE-2016-0747", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-0747", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-88257", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": 
"3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-0747", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201602-059", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-88257", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-0747", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-88257" }, { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. There is a security vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. The vulnerability stems from the fact that the program does not limit CNAME resolution. These only affect nginx if\nthe \"resolver\" directive is used in a configuration file. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1. \n\nWe recommend that you upgrade your nginx packages. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). \n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible\nfor saving client request body to a temporary file. 
A remote attacker could\nsend a specially crafted request that would cause nginx worker process to\ncrash. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. An\nattacker able to manipulate DNS responses received by nginx could use this\nflaw to cause a worker process to crash if nginx enabled the resolver in\nits configuration. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver\n1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver\n1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver\n1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2892-1\nFebruary 09, 2016\n\nnginx vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. 
\n(CVE-2016-0747)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.1\n nginx-extras 1.9.3-1ubuntu1.1\n nginx-full 1.9.3-1ubuntu1.1\n nginx-light 1.9.3-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.4\n nginx-extras 1.4.6-1ubuntu3.4\n nginx-full 1.4.6-1ubuntu3.4\n nginx-light 1.4.6-1ubuntu3.4\n nginx-naxsi 1.4.6-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "BID", "id": "82230" }, { "db": "VULHUB", "id": "VHN-88257" }, { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0747", "trust": 3.4 }, { "db": "SECTRACK", "id": "1034869", 
"trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001780", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201602-059", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "BID", "id": "82230", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-88257", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-0747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135738", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137908", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137518", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135684", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88257" }, { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "id": "VAR-201602-0391", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-88257" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:08:16.477000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-3473", "trust": 0.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "title": "openSUSE-SU-2016:0371", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "title": "Bug 1302589", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589" }, { "title": 
"USN-2892-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2892-1/" }, { "title": "CVE-2016-0742, CVE-2016-0746, CVE-2016-0747", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "title": "nginx resolver Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=60056" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2892-1" }, { "title": "Red Hat: CVE-2016-0747", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-0747" }, { "title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7" }, { "title": "Amazon Linux AMI: ALAS-2016-655", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-655" }, { "title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.1 }, { "problemtype": "CWE-399", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88257" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "NVD", "id": "CVE-2016-0747" } ] }, "references": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201606-06" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2016:1425" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2892-1" }, { "trust": 1.8, "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.8, "url": "http://www.debian.org/security/2016/dsa-3473" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.8, "url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1034869" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0747" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0747" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053" }, { "trust": 0.3, "url": 
"http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237" }, { "trust": 0.3, "url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2892-1/" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/82230" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0742" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0747" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0746" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4450" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-88257" }, { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-88257" }, { "db": "VULMON", "id": "CVE-2016-0747" }, { "db": "BID", "id": "82230" }, { "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "db": "PACKETSTORM", "id": "135738" }, { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2016-0747" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-15T00:00:00", "db": "VULHUB", "id": "VHN-88257" }, { "date": "2016-02-15T00:00:00", "db": "VULMON", "id": "CVE-2016-0747" }, { "date": "2016-01-29T00:00:00", "db": "BID", "id": "82230" }, { "date": "2016-03-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "date": "2016-02-12T19:22:00", "db": "PACKETSTORM", "id": "135738" }, { "date": "2016-07-14T20:08:00", "db": "PACKETSTORM", "id": "137908" }, { "date": "2016-06-17T23:50:23", "db": "PACKETSTORM", "id": "137518" }, { "date": "2016-02-10T03:55:35", "db": "PACKETSTORM", "id": "135684" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2016-02-15T19:59:02.123000", "db": "NVD", "id": "CVE-2016-0747" }, 
{ "date": "2016-01-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-88257" }, { "date": "2021-09-22T00:00:00", "db": "VULMON", "id": "CVE-2016-0747" }, { "date": "2016-10-26T00:01:00", "db": "BID", "id": "82230" }, { "date": "2016-03-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001780" }, { "date": "2021-12-16T18:43:52.677000", "db": "NVD", "id": "CVE-2016-0747" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-059" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "137908" }, { "db": "PACKETSTORM", "id": "137518" }, { "db": "PACKETSTORM", "id": "135684" }, { "db": "CNNVD", "id": "CNNVD-201602-059" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001780" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201602-059" } ], "trust": 0.6 } }
var-201811-0987
Vulnerability from variot
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the "mp4" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. nginx contains an information disclosure vulnerability. Information may be obtained and a denial-of-service (DoS) condition may result. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability is caused by the program not processing MP4 files correctly.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
=====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-nginx18-nginx security update
Advisory ID: RHSA-2018:3652-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3652
Issue date: 2018-11-26
CVE Names: CVE-2018-16845
=====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
- nginx: Denial of service and memory disclosure via mp4 module (CVE-2018-16845)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Nginx project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16845 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0987", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": 
"1.15.5" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.0.7" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.0.15" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.1.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.14.1" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.15.6" }, { "model": "enterprise linux", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.15.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.14" }, { 
"model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.13.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": 
"nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", 
"scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", 
"trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.15.6" }, { "model": "nginx", "scope": "ne", 
"trust": 0.3, "vendor": "nginx", "version": "1.14.1" } ], "sources": [ { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.15", "versionStartIncluding": "1.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.15.5", "versionStartIncluding": "1.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": 
"CVE-2018-16845" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" } ], "trust": 0.4 }, "cve": "CVE-2018-16845", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-16845", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, 
"obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-127245", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "secalert@redhat.com", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2018-16845", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-16845", 
"trust": 1.8, "value": "MEDIUM" }, { "author": "secalert@redhat.com", "id": "CVE-2018-16845", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201811-119", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-127245", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-16845", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. nginx Contains an information disclosure vulnerability.Information obtained and denial of service (DoS) May be in a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability is caused by the program not processing MP4 files correctly. 
\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n. =====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2018:3652-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3652\nIssue date: 2018-11-26\nCVE Names: CVE-2018-16845 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. 
\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: Denial of service and memory disclosure via mp4 module\n(CVE-2018-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the Nginx project for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 
\n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1)", "sources": [ { "db": "NVD", "id": "CVE-2018-16845" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "BID", "id": "105868" }, { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16845", "trust": 3.4 }, { "db": "BID", "id": "105868", "trust": 2.0 }, { "db": "SECTRACK", "id": "1042039", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-014189", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-119", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3384", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0464", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0451", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042571", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "150453", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-127245", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-16845", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150480", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150481", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150458", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "PACKETSTORM", "id": 
"150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "id": "VAR-201811-0987", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-127245" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:01:53.545000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[SECURITY] [DLA 1572-1] nginx security update", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html" }, { "title": "DSA-4335", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "title": "Bug 1644508", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "title": "RHSA-2018:3652", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3652" }, { "title": "RHSA-2018:3653", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3653" }, { "title": "RHSA-2018:3680", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "title": "RHSA-2018:3681", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "title": "USN-3812-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3812-1/" }, { "title": "(CVE-2018-16845)", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "title": "Nginx Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=86626" }, { "title": "Red Hat: Important: rh-nginx18-nginx security update", 
"trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183652 - security advisory" }, { "title": "Red Hat: Important: rh-nginx110-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183653 - security advisory" }, { "title": "Red Hat: Important: rh-nginx112-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183680 - security advisory" }, { "title": "Red Hat: Important: rh-nginx114-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183681 - security advisory" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3812-1" }, { "title": "Red Hat: CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-16845" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347" }, { "title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61" }, { "title": "CVE-2018-16845", "trust": 0.1, "url": "https://github.com/t4t4ru/cve-2018-16845 " }, { "title": "anitazhaochen.github.io", "trust": 0.1, "url": "https://github.com/anitazhaochen/anitazhaochen.github.io " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "CNNVD", "id": 
"CNNVD-201811-119" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.1 }, { "problemtype": "CWE-200", "trust": 0.9 }, { "problemtype": "CWE-835", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "trust": 2.0, "url": "https://usn.ubuntu.com/3812-1/" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3652" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3653" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105868" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1042039" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.8, "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16845" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-16845" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2018-16843" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1489143" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0464/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3384/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75522" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042571" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-application-is-affected-by-nginx-vulnerabilities-cve-2018-16845-cve-2018-16843-cve-2019-7401/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16844" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "trust": 0.3, "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-07T00:00:00", "db": "VULHUB", "id": "VHN-127245" }, { "date": "2018-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-16845" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "date": "2018-11-12T16:57:53", "db": "PACKETSTORM", "id": "150253" }, { "date": "2018-11-27T17:24:35", "db": 
"PACKETSTORM", "id": "150480" }, { "date": "2018-11-26T04:44:44", "db": "PACKETSTORM", "id": "150453" }, { "date": "2018-11-27T17:24:48", "db": "PACKETSTORM", "id": "150481" }, { "date": "2018-11-26T10:02:22", "db": "PACKETSTORM", "id": "150458" }, { "date": "2018-11-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-119" }, { "date": "2018-11-07T14:29:00.883000", "db": "NVD", "id": "CVE-2018-16845" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-127245" }, { "date": "2022-02-22T00:00:00", "db": "VULMON", "id": "CVE-2018-16845" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-119" }, { "date": "2022-02-22T19:27:12.373000", "db": "NVD", "id": "CVE-2018-16845" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-119" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Information Disclosure Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014189" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "memory leak", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-119" } ], "trust": 0.6 } }
var-201811-0988
Vulnerability from variot
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx contains a resource exhaustion vulnerability that may result in a denial of service (DoS). nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. An attacker can exploit this vulnerability to consume a large amount of memory space.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages.

==========================================================================
Ubuntu Security Notice USN-3812-1
November 07, 2018
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx.
Software Description:
- nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled the HTTP/2 implementation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)
Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844)
It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10:
  nginx-common 1.15.5-0ubuntu2.1
  nginx-core 1.15.5-0ubuntu2.1
  nginx-extras 1.15.5-0ubuntu2.1
  nginx-full 1.15.5-0ubuntu2.1
  nginx-light 1.15.5-0ubuntu2.1

Ubuntu 18.04 LTS:
  nginx-common 1.14.0-0ubuntu1.2
  nginx-core 1.14.0-0ubuntu1.2
  nginx-extras 1.14.0-0ubuntu1.2
  nginx-full 1.14.0-0ubuntu1.2
  nginx-light 1.14.0-0ubuntu1.2

Ubuntu 16.04 LTS:
  nginx-common 1.10.3-0ubuntu0.16.04.3
  nginx-core 1.10.3-0ubuntu0.16.04.3
  nginx-extras 1.10.3-0ubuntu0.16.04.3
  nginx-full 1.10.3-0ubuntu0.16.04.3
  nginx-light 1.10.3-0ubuntu0.16.04.3

Ubuntu 14.04 LTS:
  nginx-common 1.4.6-1ubuntu3.9
  nginx-core 1.4.6-1ubuntu3.9
  nginx-extras 1.4.6-1ubuntu3.9
  nginx-full 1.4.6-1ubuntu3.9
  nginx-light 1.4.6-1ubuntu3.9
In general, a standard system update will make all the necessary changes.
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1).
=====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-nginx110-nginx security update
Advisory ID: RHSA-2018:3653-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3653
Issue date: 2018-11-26
CVE Names: CVE-2018-16843 CVE-2018-16845
=====================================================================
- Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Red Hat would like to thank the Nginx project for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx110-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16843
https://access.redhat.com/security/cve/CVE-2018-16845
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to version 1.21.0.
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
CVE-2017-7529
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0988", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "18.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "16.04" 
}, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "18.10" }, { "model": "nginx", "scope": "gt", "trust": 1.0, "vendor": "f5", "version": "1.15.0" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.15.6" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.14.1" }, { "model": "nginx", "scope": "gt", "trust": 1.0, "vendor": "f5", "version": "1.9.5" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.14.1" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.15.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.15.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.13.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, 
"vendor": "nginx", "version": "1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": 
"nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", 
"version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": 
"1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.15.6" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.14.1" } ], "sources": [ { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": 
"CNNVD-201811-131" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.14.1", "versionStartExcluding": "1.9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.15.6", "versionStartExcluding": "1.15.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-16843" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gal Goldshtein from F5 Networks, and Maxim Konovalov (Nginx)", 
"sources": [ { "db": "BID", "id": "105868" } ], "trust": 0.3 }, "cve": "CVE-2018-16843", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16843", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", 
"exploitabilityScore": 10.0, "id": "VHN-127243", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "secalert@redhat.com", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16843", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-16843", "trust": 1.8, "value": "HIGH" }, { "author": "secalert@redhat.com", "id": "CVE-2018-16843", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201811-131", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-127243", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-16843", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", 
"id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. An attacker can exploit this vulnerability to consume a large amount of memory space. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. ==========================================================================\nUbuntu Security Notice USN-3812-1\nNovember 07, 2018\n\nnginx vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. 
\n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled the HTTP/2 implementation. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nexcessive CPU usage, leading to a denial of service. This issue only\naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. \n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module\nmodule. A remote attacker could possibly use this issue with a specially\ncrafted mp4 file to cause nginx to crash, stop responding, or access\narbitrary memory. (CVE-2018-16845)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n nginx-common 1.15.5-0ubuntu2.1\n nginx-core 1.15.5-0ubuntu2.1\n nginx-extras 1.15.5-0ubuntu2.1\n nginx-full 1.15.5-0ubuntu2.1\n nginx-light 1.15.5-0ubuntu2.1\n\nUbuntu 18.04 LTS:\n nginx-common 1.14.0-0ubuntu1.2\n nginx-core 1.14.0-0ubuntu1.2\n nginx-extras 1.14.0-0ubuntu1.2\n nginx-full 1.14.0-0ubuntu1.2\n nginx-light 1.14.0-0ubuntu1.2\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.3\n nginx-core 1.10.3-0ubuntu0.16.04.3\n nginx-extras 1.10.3-0ubuntu0.16.04.3\n nginx-full 1.10.3-0ubuntu0.16.04.3\n nginx-light 1.10.3-0ubuntu0.16.04.3\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.9\n nginx-core 1.4.6-1ubuntu3.9\n nginx-extras 1.4.6-1ubuntu3.9\n nginx-full 1.4.6-1ubuntu3.9\n nginx-light 1.4.6-1ubuntu3.9\n\nIn general, a standard system update will make all the necessary changes. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1). 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2018:3653-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3653\nIssue date: 2018-11-26\nCVE Names: CVE-2018-16843 CVE-2018-16845 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nRed Hat would like to thank the Nginx project for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx110-nginx service must be restarted for this update to take\neffect. 
\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.4):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16843\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "BID", "id": "105868" }, { "db": "VULHUB", "id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16843", "trust": 3.5 }, { "db": "BID", "id": "105868", "trust": 2.0 }, { "db": "SECTRACK", "id": "1042038", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-011775", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-131", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3384", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0464", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0451", "trust": 0.6 }, { "db": 
"CS-HELP", "id": "SB2022042571", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "150214", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150458", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150480", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150481", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150253", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-127243", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-16843", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "id": "VAR-201811-0988", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-127243" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:40:26.729000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-4335", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "title": "USN-3812-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3812-1/" }, { "title": "CVE-2018-16843, CVE-2018-16844", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "title": "nginx Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=86634" }, { "title": "Red Hat: Important: 
rh-nginx110-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183653 - security advisory" }, { "title": "Red Hat: Important: rh-nginx114-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183681 - security advisory" }, { "title": "Red Hat: Important: rh-nginx112-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183680 - security advisory" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3812-1" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347" }, { "title": "Red Hat: CVE-2018-16843", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-16843" }, { "title": "Amazon Linux AMI: ALAS-2018-1125", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1125" }, { "title": "anitazhaochen.github.io", "trust": 0.1, "url": "https://github.com/anitazhaochen/anitazhaochen.github.io " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "NVD", "id": "CVE-2018-16843" } ] }, "references": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843" }, { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "trust": 2.0, "url": "https://usn.ubuntu.com/3812-1/" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3653" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105868" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1042038" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16843" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2018-16843" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2018-16845" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1489143" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0464/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3384/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75522" }, { "trust": 0.6, "url": 
"https://www.ibm.com/support/docview.wss?uid=ibm10960610" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042571" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-application-is-affected-by-nginx-vulnerabilities-cve-2018-16845-cve-2018-16843-cve-2019-7401/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16844" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.2" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3812-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.9" }, { "trust": 0.1, "url": 
"https://launchpad.net/ubuntu/+source/nginx/1.15.5-0ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-07T00:00:00", "db": "VULHUB", "id": "VHN-127243" }, { "date": "2018-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-16843" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "date": "2018-11-12T16:57:53", "db": "PACKETSTORM", "id": "150253" }, { "date": "2018-11-07T17:35:27", "db": "PACKETSTORM", "id": "150214" }, { "date": "2018-11-27T17:24:35", "db": "PACKETSTORM", "id": "150480" }, { "date": "2018-11-27T17:24:48", "db": "PACKETSTORM", "id": "150481" }, { "date": "2018-11-26T10:02:22", "db": "PACKETSTORM", "id": "150458" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2018-11-07T14:29:00.777000", "db": "NVD", "id": "CVE-2018-16843" }, { "date": "2018-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-127243" }, { "date": "2022-02-22T00:00:00", "db": "VULMON", "id": "CVE-2018-16843" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "date": "2022-02-22T19:27:12.350000", "db": "NVD", "id": "CVE-2018-16843" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "150214" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerable to resource exhaustion", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011775" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-131" } ], "trust": 0.6 } }
cve-2009-3898
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://marc.info/?l=oss-security&m=125897425223039&w=2 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2009/11/23/10 | mailing-list, x_refsource_MLIST |
| http://marc.info/?l=oss-security&m=125897327321676&w=2 | mailing-list, x_refsource_MLIST |
| http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html | mailing-list, x_refsource_FULLDISC |
| http://secunia.com/advisories/48577 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/36818 | third-party-advisory, x_refsource_SECUNIA |
| http://marc.info/?l=oss-security&m=125900327409842&w=2 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2009/11/20/1 | mailing-list, x_refsource_MLIST |
| http://security.gentoo.org/glsa/glsa-201203-22.xml | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:51.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=125897425223039\u0026w=2" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=125897327321676\u0026w=2" }, { "name": "20090923 nginx - low risk webdav destination bug", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48577" }, { "name": "36818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36818" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=125900327409842\u0026w=2" }, { "name": "[oss-security] 20091120 CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2009-09-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-09T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=125897425223039\u0026w=2" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=125897327321676\u0026w=2" }, { "name": "20090923 nginx - low risk webdav destination bug", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48577" }, { "name": "36818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36818" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=125900327409842\u0026w=2" }, { "name": "[oss-security] 20091120 CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "GLSA-201203-22", 
"tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-3898", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20091123 Re: CVEs for nginx", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=125897425223039\u0026w=2" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=125897327321676\u0026w=2" }, { "name": "20090923 nginx - low risk webdav destination bug", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html" }, { "name": "48577", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48577" }, { "name": "36818", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36818" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=125900327409842\u0026w=2" }, { "name": 
"[oss-security] 20091120 CVEs for nginx", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "GLSA-201203-22", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3898", "datePublished": "2009-11-24T17:00:00", "dateReserved": "2009-11-05T00:00:00", "dateUpdated": "2024-08-07T06:45:51.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4968
Vulnerability from cvelistv5
URL | Tags
---|---
https://security-tracker.debian.org/tracker/CVE-2011-4968 | x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968 | x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968 | x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-4968 | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/01/03/8 | x_refsource_MISC
http://www.securityfocus.com/bid/57139 | x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/80952 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4968" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2011-4968" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/03/8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57139" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80952" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "nginx", "vendor": "nginx", "versions": [ { "status": "affected", "version": "through 1.6.2" } ] } ], "descriptions": [ { "lang": "en", "value": "nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)" } ], "problemTypes": [ { "descriptions": [ { "description": "http proxy module does not verify peer identity of https origin server", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-19T15:18:17", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4968" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968" }, { "tags": [ 
"x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2011-4968" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/03/8" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/57139" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80952" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4968", "datePublished": "2019-11-19T15:18:17", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:39.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7529
Vulnerability from cvelistv5
URL | Tags
---|---
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html | mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2017:2538 | vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99534 | vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1039238 | vdb-entry, x_refsource_SECTRACK
https://puppet.com/security/cve/cve-2017-7529 | x_refsource_CONFIRM
https://support.apple.com/kb/HT212818 | x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2021/Sep/36 | mailing-list, x_refsource_FULLDISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:04:11.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "name": "RHSA-2017:2538", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2538" }, { "name": "99534", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99534" }, { "name": "1039238", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039238" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/cve-2017-7529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "nginx", "vendor": "nginx", "versions": [ { "status": "affected", "version": "0.5.6 - 1.13.2" } ] } ], "datePublic": "2017-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-21T23:07:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "name": "RHSA-2017:2538", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2538" }, { "name": "99534", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99534" }, { "name": "1039238", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039238" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/cve-2017-7529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2017-07-11T00:00:00", "ID": "CVE-2017-7529", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "nginx", "version": { "version_data": [ { "version_value": "0.5.6 - 1.13.2" } ] } } ] }, "vendor_name": "nginx" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190" } ] } ] }, "references": { "reference_data": [ { "name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "name": "RHSA-2017:2538", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2538" }, { "name": "99534", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99534" }, { "name": "1039238", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039238" }, { "name": "https://puppet.com/security/cve/cve-2017-7529", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2017-7529" }, { "name": "https://support.apple.com/kb/HT212818", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212818" }, { "name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/36" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7529", "datePublished": "2017-07-13T13:00:00Z", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2024-09-16T18:39:56.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3896
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.766Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035" }, { "name": "FEDORA-2009-12750", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "name": "36839", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36839" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565" }, { "name": "FEDORA-2009-12775", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz" }, { "name": "FEDORA-2009-12782", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "name": "DSA-1920", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1920" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48577" }, { "name": "[oss-security] 20091120 CVE Assignment nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/6" }, { "tags": [ "x_refsource_CONFIRM", 
"x_transferred" ], "url": "http://sysoev.ru/nginx/patch.null.pointer.txt" }, { "name": "[oss-security] 20091120 CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "[nginx] 20091030 Re: null pointer dereference vulnerability in 0.1.0-0.8.13.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=nginx\u0026m=125692080328141\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-17T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035" }, { "name": "FEDORA-2009-12750", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "name": "36839", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36839" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565" }, { "name": "FEDORA-2009-12775", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz" }, { "name": "FEDORA-2009-12782", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "name": "DSA-1920", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1920" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48577" }, { "name": "[oss-security] 20091120 CVE Assignment nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sysoev.ru/nginx/patch.null.pointer.txt" }, { "name": "[oss-security] 20091120 CVEs for nginx", 
"tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "[nginx] 20091030 Re: null pointer dereference vulnerability in 0.1.0-0.8.13.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=nginx\u0026m=125692080328141\u0026w=2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3896", "datePublished": "2009-11-24T17:00:00", "dateReserved": "2009-11-05T00:00:00", "dateUpdated": "2024-08-07T06:45:50.766Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }