var-201311-0399
Vulnerability from variot
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. nginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547 http://advisories.mageia.org/MGASA-2013-0349.html
Updated Packages:
Mandriva Business Server 1/X86_64: ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2802-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq
Package : nginx Vulnerability : restriction bypass Problem type : remote Debian-specific: no CVE ID : CVE-2013-4547 Debian Bug : 730012
Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request.
The oldstable distribution (squeeze) is not affected by this problem.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2.
For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST q9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO 3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6 Ddh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6 OHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f vAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw== =ttYS -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0399", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "12.3" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "lifecycle management server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "1.3" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "0.8.41" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.5.6" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.5.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "12.2" }, { "model": "studio onsite", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "1.3" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.4.4" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.4" }, { "model": "webyast", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "1.5.7" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.5.x" }, { "model": "nginx", "scope": "eq", "trust": 0.8, "vendor": "igor sysoev", "version": "0.8.41 to 1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "igor sysoev", "version": "1.3.8" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.1.17" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.14" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.10" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.9" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.8" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "0.8.40" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.1.19" }, { "model": "sysoev nginx", "scope": "eq", "trust": 0.3, "vendor": "igor", "version": "1.0.15" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" } ], "sources": [ { "db": "BID", "id": "63814" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.4", "versionStartIncluding": "0.8.41", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.5.6", "versionStartIncluding": "1.5.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:suse:lifecycle_management_server:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:webyast:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-4547" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ivan Fratric of the Google Security Team", "sources": [ { "db": "BID", "id": "63814" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ], "trust": 0.9 }, "cve": "CVE-2013-4547", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2013-4547", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-64549", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-4547", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201311-336", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-64549", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2013-4547", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nnginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547\n http://advisories.mageia.org/MGASA-2013-0349.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm \n 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2802-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nNovember 21, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nVulnerability : restriction bypass\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4547\nDebian Bug : 730012\n\nIvan Fratric of the Google Security Team discovered a bug in nginx,\na web server, which might allow an attacker to bypass security\nrestrictions by using a specially crafted request. \n\nThe oldstable distribution (squeeze) is not affected by this problem. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST\nq9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO\n3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6\nDdh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6\nOHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f\nvAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw==\n=ttYS\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "BID", "id": "63814" }, { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "PACKETSTORM", "id": "124159" }, { "db": "PACKETSTORM", "id": "124145" } ], "trust": 2.25 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-64549", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38846", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-4547", "trust": 3.1 }, { "db": "SECUNIA", "id": "55825", "trust": 1.8 }, { "db": "SECUNIA", "id": "55757", "trust": 1.8 }, { "db": "SECUNIA", "id": "55822", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2013-005289", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201311-336", "trust": 0.7 }, { "db": "BID", "id": "63814", "trust": 0.5 }, { "db": "PACKETSTORM", "id": "124145", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "124159", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "38846", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-64549", "trust": 0.1 }, { "db": "EXPLOITDB", "id": "38846", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2013-4547", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "BID", "id": "63814" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "PACKETSTORM", "id": "124159" }, { "db": "PACKETSTORM", "id": "124145" }, { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "id": "VAR-201311-0399", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-64549" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:21:32.796000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-2802", "trust": 0.8, "url": "http://www.debian.org/security/2013/dsa-2802" }, { "title": "Top Page", "trust": 0.8, "url": "http://nginx.com/" }, { "title": "SUSE-SU-2013:1895", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html" }, { "title": "openSUSE-SU-2013:1791", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html" }, { "title": "openSUSE-SU-2013:1792", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html" }, { "title": "openSUSE-SU-2013:1745", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html" }, { "title": "nginx-1.5.7", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48998" }, { "title": "nginx-1.4.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48997" }, { "title": "nginx-1.4.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48996" }, { "title": "nginx-1.4.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=49035" }, { "title": "nginx-1.5.7", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48999" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2013-4547", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f4bb5a4a182af6a4c8ca260ef90a3d69" }, { "title": "Debian Security Advisories: DSA-2802-1 nginx -- restriction bypass", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0e9f3c319e9988b421581c9d566c73e5" }, { "title": "Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=703629f55868e4fc7623e469fe23486b" }, { "title": "Amazon Linux AMI: ALAS-2013-249", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2013-249" }, { "title": "DVWA-Note", "trust": 0.1, "url": "https://github.com/dhgdhg/dvwa- " }, { "title": "DVWA-Note", "trust": 0.1, "url": "https://github.com/twfb/dvwa-note " }, { "title": "DVWA-Note", "trust": 0.1, "url": "https://github.com/dhgdhg/dvwa " }, { "title": "usn-search", "trust": 0.1, "url": "https://github.com/lukeber4/usn-search " }, { "title": "Vision", "trust": 0.1, "url": "https://github.com/coolervoid/vision " }, { "title": "Vision2", "trust": 0.1, "url": "https://github.com/coolervoid/vision2 " }, { "title": "woodswiki", "trust": 0.1, "url": "https://github.com/woods-sega/woodswiki " } ], "sources": [ { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-116", "trust": 1.1 }, { "problemtype": "CWE-264", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "NVD", "id": "CVE-2013-4547" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.debian.org/security/2012/dsa-2802" }, { "trust": 2.1, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" }, { "trust": 1.8, "url": "http://secunia.com/advisories/55757" }, { "trust": 1.8, "url": "http://secunia.com/advisories/55822" }, { "trust": 1.8, "url": "http://secunia.com/advisories/55825" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4547" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4547" }, { "trust": 0.3, "url": "http://nginx.org/download/patch.2013.space.txt" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671931" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4547" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/116.html" }, { "trust": 0.1, "url": "https://github.com/dhgdhg/dvwa-" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/38846/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/63814" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-2802" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2013-0349.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "BID", "id": "63814" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "PACKETSTORM", "id": "124159" }, { "db": "PACKETSTORM", "id": "124145" }, { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-64549" }, { "db": "VULMON", "id": "CVE-2013-4547" }, { "db": "BID", "id": "63814" }, { "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "db": "PACKETSTORM", "id": "124159" }, { "db": "PACKETSTORM", "id": "124145" }, { "db": "NVD", "id": "CVE-2013-4547" }, { "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-11-23T00:00:00", "db": "VULHUB", "id": "VHN-64549" }, { "date": "2013-11-23T00:00:00", "db": "VULMON", "id": "CVE-2013-4547" }, { "date": "2013-11-19T00:00:00", "db": "BID", "id": "63814" }, { "date": "2013-11-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "date": "2013-11-25T17:07:04", "db": "PACKETSTORM", "id": "124159" }, { "date": "2013-11-22T21:29:14", "db": "PACKETSTORM", "id": "124145" }, { "date": "2013-11-23T18:55:04.687000", "db": "NVD", "id": "CVE-2013-4547" }, { "date": "2013-11-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-64549" }, { "date": "2021-11-10T00:00:00", "db": "VULMON", "id": "CVE-2013-4547" }, { "date": "2015-05-07T17:10:00", "db": "BID", "id": "63814" }, { "date": "2013-12-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005289" }, { "date": "2021-11-10T15:59:33.657000", "db": "NVD", "id": "CVE-2013-4547" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201311-336" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201311-336" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerabilities that bypass restrictions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005289" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201311-336" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.