var-201311-0399
Vulnerability from variot
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. nginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547 http://advisories.mageia.org/MGASA-2013-0349.html
Updated Packages:
Mandriva Business Server 1/X86_64: ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2802-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq
Package : nginx Vulnerability : restriction bypass Problem type : remote Debian-specific: no CVE ID : CVE-2013-4547 Debian Bug : 730012
Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request.
The oldstable distribution (squeeze) is not affected by this problem.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2.
For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST q9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO 3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6 Ddh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6 OHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f vAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw== =ttYS -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0399",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "lifecycle management server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "1.3"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.41"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.2"
},
{
"model": "studio onsite",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "1.3"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.4.4"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.4"
},
{
"model": "webyast",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.5.x"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.41 to 1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.4.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.8"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.17"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.9"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.8"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.40"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.19"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.15"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "63814"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.4",
"versionStartIncluding": "0.8.41",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.6",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:suse:lifecycle_management_server:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:webyast:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4547"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Fratric of the Google Security Team",
"sources": [
{
"db": "BID",
"id": "63814"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4547",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-4547",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-64549",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4547",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-336",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-64549",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-4547",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nnginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547\n http://advisories.mageia.org/MGASA-2013-0349.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm \n 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2802-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nNovember 21, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nVulnerability : restriction bypass\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4547\nDebian Bug : 730012\n\nIvan Fratric of the Google Security Team discovered a bug in nginx,\na web server, which might allow an attacker to bypass security\nrestrictions by using a specially crafted request. \n\nThe oldstable distribution (squeeze) is not affected by this problem. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST\nq9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO\n3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6\nDdh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6\nOHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f\nvAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw==\n=ttYS\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4547"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "BID",
"id": "63814"
},
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "PACKETSTORM",
"id": "124159"
},
{
"db": "PACKETSTORM",
"id": "124145"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-64549",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38846",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4547",
"trust": 3.1
},
{
"db": "SECUNIA",
"id": "55825",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "55757",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "55822",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336",
"trust": 0.7
},
{
"db": "BID",
"id": "63814",
"trust": 0.5
},
{
"db": "PACKETSTORM",
"id": "124145",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "124159",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "38846",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-64549",
"trust": 0.1
},
{
"db": "EXPLOITDB",
"id": "38846",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-4547",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "BID",
"id": "63814"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "PACKETSTORM",
"id": "124159"
},
{
"db": "PACKETSTORM",
"id": "124145"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
]
},
"id": "VAR-201311-0399",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:21:32.796000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2802",
"trust": 0.8,
"url": "http://www.debian.org/security/2013/dsa-2802"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.com/"
},
{
"title": "SUSE-SU-2013:1895",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
},
{
"title": "openSUSE-SU-2013:1791",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
},
{
"title": "openSUSE-SU-2013:1792",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
},
{
"title": "openSUSE-SU-2013:1745",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
},
{
"title": "nginx-1.5.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48998"
},
{
"title": "nginx-1.4.4",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48997"
},
{
"title": "nginx-1.4.4",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48996"
},
{
"title": "nginx-1.4.4",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=49035"
},
{
"title": "nginx-1.5.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48999"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2013-4547",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f4bb5a4a182af6a4c8ca260ef90a3d69"
},
{
"title": "Debian Security Advisories: DSA-2802-1 nginx -- restriction bypass",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0e9f3c319e9988b421581c9d566c73e5"
},
{
"title": "Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=703629f55868e4fc7623e469fe23486b"
},
{
"title": "Amazon Linux AMI: ALAS-2013-249",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2013-249"
},
{
"title": "DVWA-Note",
"trust": 0.1,
"url": "https://github.com/dhgdhg/dvwa- "
},
{
"title": "DVWA-Note",
"trust": 0.1,
"url": "https://github.com/twfb/dvwa-note "
},
{
"title": "DVWA-Note",
"trust": 0.1,
"url": "https://github.com/dhgdhg/dvwa "
},
{
"title": "usn-search",
"trust": 0.1,
"url": "https://github.com/lukeber4/usn-search "
},
{
"title": "Vision",
"trust": 0.1,
"url": "https://github.com/coolervoid/vision "
},
{
"title": "Vision2",
"trust": 0.1,
"url": "https://github.com/coolervoid/vision2 "
},
{
"title": "woodswiki",
"trust": 0.1,
"url": "https://github.com/woods-sega/woodswiki "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-116",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.debian.org/security/2012/dsa-2802"
},
{
"trust": 2.1,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/55757"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/55822"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/55825"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4547"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4547"
},
{
"trust": 0.3,
"url": "http://nginx.org/download/patch.2013.space.txt"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671931"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4547"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/116.html"
},
{
"trust": 0.1,
"url": "https://github.com/dhgdhg/dvwa-"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/38846/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/63814"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-2802"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2013-0349.html"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "BID",
"id": "63814"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "PACKETSTORM",
"id": "124159"
},
{
"db": "PACKETSTORM",
"id": "124145"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "BID",
"id": "63814"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "PACKETSTORM",
"id": "124159"
},
{
"db": "PACKETSTORM",
"id": "124145"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-64549"
},
{
"date": "2013-11-23T00:00:00",
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"date": "2013-11-19T00:00:00",
"db": "BID",
"id": "63814"
},
{
"date": "2013-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"date": "2013-11-25T17:07:04",
"db": "PACKETSTORM",
"id": "124159"
},
{
"date": "2013-11-22T21:29:14",
"db": "PACKETSTORM",
"id": "124145"
},
{
"date": "2013-11-23T18:55:04.687000",
"db": "NVD",
"id": "CVE-2013-4547"
},
{
"date": "2013-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-64549"
},
{
"date": "2021-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"date": "2015-05-07T17:10:00",
"db": "BID",
"id": "63814"
},
{
"date": "2013-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"date": "2021-11-10T15:59:33.657000",
"db": "NVD",
"id": "CVE-2013-4547"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Vulnerabilities that bypass restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.