var-200909-0576
Vulnerability from variot

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. The nginx web server contains a buffer underrun vulnerability. nginx is an HTTP server and mail proxy server offered for various platforms. The ngx_http_parse_complex_uri() function in nginx has a flaw, and a buffer underrun may occur when it processes a crafted URI. nginx consists of a privileged master process and an unprivileged worker process. A remote third party may be able to execute arbitrary code with the authority of a worker process or cause a denial of service (DoS). The 'nginx' program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition.

Affected packages

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-servers/nginx      < 0.7.62                         >= 0.5.38
                                                             >= 0.6.39
                                                             >= 0.7.62

Description

Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. NOTE: By default, nginx runs as the "nginx" user.

Workaround

There is no known workaround at this time.

Resolution

All nginx 0.5.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38

All nginx 0.6.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39

All nginx 0.7.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62

References

[ 1 ] CVE-2009-2629 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200909-18.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Debian Security Advisory DSA-1884-1                    security@debian.org
http://www.debian.org/security/                                 Nico Golde
September 14th, 2009                    http://www.debian.org/security/faq


Package        : nginx
Vulnerability  : buffer underflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-2629

Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests.

For the oldstable distribution (etch), this problem has been fixed in version 0.4.13-2+etch2.

For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 0.7.61-3.

We recommend that you upgrade your nginx packages.

Upgrade instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch


Debian (oldstable)


Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


Debian GNU/Linux 5.0 alias lenny


Debian (stable)


Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200909-0576",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "12"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "11"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "10"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.5.38"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.7.0"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.7.62"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.1.0"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.6.39"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.8.15"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.6.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nginx",
        "version": null
      },
      {
        "model": "nginx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "0.1.0 from  0.5.37"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "0.6.39 earlier"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "0.7.62 earlier"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "0.8.15 earlier"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "0.1.5"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "0.1.4"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "0.1.8"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "0.1.7"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "0.1.6"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "0.1.9"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "0.1.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "0.1.2"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "0.1.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "0.1.10"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.8.14"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.7.61"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.6.38"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.5.37"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "sysoev nginx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.8.15"
      },
      {
        "model": "sysoev nginx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.7.62"
      },
      {
        "model": "sysoev nginx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.6.39"
      },
      {
        "model": "sysoev nginx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.5.38"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180065"
      },
      {
        "db": "BID",
        "id": "36384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002152"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-302"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.5.38",
                "versionStartIncluding": "0.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.6.39",
                "versionStartIncluding": "0.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.7.62",
                "versionStartIncluding": "0.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.8.15",
                "versionStartIncluding": "0.8.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-2629"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Ries",
    "sources": [
      {
        "db": "BID",
        "id": "36384"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-302"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-2629",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2009-2629",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-40075",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-2629",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#180065",
            "trust": 0.8,
            "value": "4.22"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200909-302",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-40075",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180065"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002152"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-302"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The \u0027nginx\u0027 program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package            /  Vulnerable  /                    Unaffected\n    -------------------------------------------------------------------\n  1  www-servers/nginx      \u003c 0.7.62                        *\u003e= 0.5.38\n                                                            *\u003e= 0.6.39\n                                                             \u003e= 0.7.62\n\nDescription\n===========\n\nChris Ries reported a heap-based buffer underflow in the\nngx_http_parse_complex_uri() function in http/ngx_http_parse.c when\nparsing the request URI. NOTE: By default, nginx runs as the \"nginx\" user. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll nginx 0.5.x users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38\n\nAll nginx 0.6.x users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39\n\nAll nginx 0.7.x users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62\n\nReferences\n==========\n\n  [ 1 ] CVE-2009-2629\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200909-18.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1884-1                    security@debian.org\nhttp://www.debian.org/security/                                 Nico Golde\nSeptember 14th, 2009                    http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage        : nginx\nVulnerability  : buffer underflow\nProblem type   : remote\nDebian-specific: no\nCVE ID         : CVE-2009-2629\n\nChris Ries discovered that nginx, a high-performance HTTP server, reverse\nproxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when\nprocessing certain HTTP requests. \n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.4.13-2+etch2. \n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.6.32-3+lenny2. \n\nFor the testing distribution (squeeze), this problem will be fixed soon. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.7.61-3. \n\n\nWe recommend that you upgrade your nginx packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n        will fetch the file for you\ndpkg -i file.deb\n        will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n        will update the internal database\napt-get upgrade\n        will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. 
\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\n\n  These files will probably be moved into the stable distribution on\n  its next update. 
\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl\npZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH\n=Xrul\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-2629"
      },
      {
        "db": "CERT/CC",
        "id": "VU#180065"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002152"
      },
      {
        "db": "BID",
        "id": "36384"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40075"
      },
      {
        "db": "PACKETSTORM",
        "id": "81454"
      },
      {
        "db": "PACKETSTORM",
        "id": "81284"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-40075",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40075"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#180065",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2629",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002152",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-302",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "36384",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "81454",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "81284",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-87569",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-69732",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "14830",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-40075",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180065"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40075"
      },
      {
        "db": "BID",
        "id": "36384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002152"
      },
      {
        "db": "PACKETSTORM",
        "id": "81454"
      },
      {
        "db": "PACKETSTORM",
        "id": "81284"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-302"
      }
    ]
  },
  "id": "VAR-200909-0576",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40075"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:58:03.931000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://nginx.net/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002152"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002152"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2629"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/180065"
      },
      {
        "trust": 2.5,
        "url": "http://www.debian.org/security/2009/dsa-1884"
      },
      {
        "trust": 2.0,
        "url": "http://nginx.net/changes-0.5"
      },
      {
        "trust": 2.0,
        "url": "http://nginx.net/changes-0.6"
      },
      {
        "trust": 2.0,
        "url": "http://nginx.net/changes-0.7"
      },
      {
        "trust": 1.7,
        "url": "http://sysoev.ru/nginx/patch.180065.txt"
      },
      {
        "trust": 1.7,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html"
      },
      {
        "trust": 1.4,
        "url": "http://nginx.net/changes"
      },
      {
        "trust": 0.9,
        "url": "http://security.gentoo.org/glsa/glsa-200909-18.xml"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2629"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu180065/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2629"
      },
      {
        "trust": 0.3,
        "url": "http://nginx.org/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2629"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/"
      },
      {
        "trust": 0.1,
        "url": "http://packages.debian.org/\u003cpkg\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180065"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40075"
      },
      {
        "db": "BID",
        "id": "36384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002152"
      },
      {
        "db": "PACKETSTORM",
        "id": "81454"
      },
      {
        "db": "PACKETSTORM",
        "id": "81284"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-302"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#180065"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40075"
      },
      {
        "db": "BID",
        "id": "36384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002152"
      },
      {
        "db": "PACKETSTORM",
        "id": "81454"
      },
      {
        "db": "PACKETSTORM",
        "id": "81284"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-302"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#180065"
      },
      {
        "date": "2009-09-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40075"
      },
      {
        "date": "2009-09-14T00:00:00",
        "db": "BID",
        "id": "36384"
      },
      {
        "date": "2009-10-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002152"
      },
      {
        "date": "2009-09-19T16:50:46",
        "db": "PACKETSTORM",
        "id": "81454"
      },
      {
        "date": "2009-09-15T04:05:55",
        "db": "PACKETSTORM",
        "id": "81284"
      },
      {
        "date": "2009-09-15T22:30:00.233000",
        "db": "NVD",
        "id": "CVE-2009-2629"
      },
      {
        "date": "2009-09-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200909-302"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#180065"
      },
      {
        "date": "2021-11-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40075"
      },
      {
        "date": "2015-05-07T17:02:00",
        "db": "BID",
        "id": "36384"
      },
      {
        "date": "2009-10-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002152"
      },
      {
        "date": "2021-11-10T15:52:54.030000",
        "db": "NVD",
        "id": "CVE-2009-2629"
      },
      {
        "date": "2023-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200909-302"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "81454"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-302"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#180065"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-302"
      }
    ],
    "trust": 0.6
  }
}


Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.