var-200911-0310
Vulnerability from variot
src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. The 'nginx' program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.14 >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Gentoo update for nginx
SECUNIA ADVISORY ID: SA48577
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48577/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
RELEASE DATE: 2012-03-28
DISCUSS ADVISORY: http://secunia.com/advisories/48577/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48577/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48577
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Gentoo has issued an update for nginx. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system.
For more information: SA36751 SA36818 SA37291 SA46798 SA48366
SOLUTION: Update to "www-servers/nginx-1.0.14" or later.
ORIGINAL ADVISORY: GLSA 201203-22: http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0310", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.49" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.47" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.59" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.50" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.51" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.61" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.48" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.57" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.46" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.54" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.61" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.46" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.30" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.55" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.56" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.21" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.50" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.60" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.54" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.57" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.53" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.22" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.51" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.56" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.39" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.49" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.34" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.47" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.55" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.16" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.3" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.19" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.52" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.15" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.2" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.10" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.33" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.48" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.53" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.23" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.38" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.59" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.52" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.14" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.45" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.43" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.28" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.24" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.26" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.11" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.17" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.36" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.31" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.13" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "nginx", "version": "0.6.1516" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.9" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.37" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.25" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.12" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.60" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.35" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.5" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.29" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.27" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.2.1" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.32" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.41" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.58" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.8" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.42" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.4.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.18" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.0" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.40" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.3.44" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.8.6" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.4" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.1.20" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.5.7" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.7.58" }, { "model": "nginx", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "0.6.35" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.14" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.1.0 to 0.4.14" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.6.x" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7.x" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.6.39" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "0.5.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.5.38" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.7.62" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.49" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.48" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.46" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.47" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.50" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "0.3.11" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7.61" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.7" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.38" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6.32" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.6" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.5.37" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.5" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.4.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.4.13" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.4" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" } ], "sources": [ { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nginx:nginx:0.6.1516:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.1.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.6.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:0.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-3896" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jasson Bell", "sources": [ { "db": "BID", "id": "36839" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ], "trust": 0.9 }, "cve": "CVE-2009-3896", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-3896", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-41342", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-3896", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200911-243", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-41342", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. The \u0027nginx\u0027 program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* nginx does not properly sanitize user input for the the WebDAV COPY\n or MOVE methods (CVE-2009-3898). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the nginx process, cause a Denial of Service condition,\ncreate or overwrite arbitrary files, or obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nGentoo update for nginx\n\nSECUNIA ADVISORY ID:\nSA48577\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48577/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nRELEASE DATE:\n2012-03-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48577/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48577/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nGentoo has issued an update for nginx. This fixes a weakness, a\nsecurity issue, and multiple vulnerabilities, which can be exploited\nby malicious people to disclose certain sensitive information, bypass\ncertain security restrictions, cause a DoS (Denial of Service),\nmanipulate certain data, and potentially compromise a vulnerable\nsystem. \n\nFor more information:\nSA36751\nSA36818\nSA37291\nSA46798\nSA48366\n\nSOLUTION:\nUpdate to \"www-servers/nginx-1.0.14\" or later. \n\nORIGINAL ADVISORY:\nGLSA 201203-22:\nhttp://www.gentoo.org/security/en/glsa/glsa-201203-22.xml\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "BID", "id": "36839" }, { "db": "VULHUB", "id": "VHN-41342" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-3896", "trust": 2.9 }, { "db": "BID", "id": "36839", "trust": 2.0 }, { "db": "SECUNIA", "id": "48577", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/20/1", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/20/6", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2009/11/23/10", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2009-005107", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200911-243", "trust": 0.7 }, { "db": "SEEBUG", "id": "SSVID-87573", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-41342", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111273", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111263", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "id": "VAR-200911-0310", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-41342" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:54:43.254000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://nginx.org/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005107" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "NVD", "id": "CVE-2009-3896" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/36839" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48577" }, { "trust": 1.7, "url": "http://www.debian.org/security/2009/dsa-1920" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/20/6" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "trust": 1.7, "url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz" }, { "trust": 1.7, "url": "http://sysoev.ru/nginx/patch.null.pointer.txt" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565" }, { "trust": 1.6, "url": "http://marc.info/?l=nginx\u0026m=125692080328141\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3896" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3896" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.1, "url": "http://marc.info/?l=nginx\u0026amp;m=125692080328141\u0026amp;w=2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48577/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-41342" }, { "db": "BID", "id": "36839" }, { "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "db": "PACKETSTORM", "id": "111273" }, { "db": "PACKETSTORM", "id": "111263" }, { "db": "NVD", "id": "CVE-2009-3896" }, { "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-11-24T00:00:00", "db": "VULHUB", "id": "VHN-41342" }, { "date": "2009-10-27T00:00:00", "db": "BID", "id": "36839" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "date": "2012-03-29T02:37:12", "db": "PACKETSTORM", "id": "111273" }, { "date": "2012-03-28T06:36:19", "db": "PACKETSTORM", "id": "111263" }, { "date": "2009-11-24T17:30:00.377000", "db": "NVD", "id": "CVE-2009-3896" }, { "date": "2009-10-27T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-41342" }, { "date": "2015-04-13T20:25:00", "db": "BID", "id": "36839" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005107" }, { "date": "2021-11-10T15:52:55.747000", "db": "NVD", "id": "CVE-2009-3896" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-243" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200911-243" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx of src/http/ngx_http_parse.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005107" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200911-243" } ], "trust": 0.6 } }