var-201311-0399
Vulnerability from variot

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. nginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547 http://advisories.mageia.org/MGASA-2013-0349.html


Updated Packages:

Mandriva Business Server 1/X86_64: ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Debian Security Advisory DSA-2802-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq


Package : nginx Vulnerability : restriction bypass Problem type : remote Debian-specific: no CVE ID : CVE-2013-4547 Debian Bug : 730012

Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request.

The oldstable distribution (squeeze) is not affected by this problem.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2.

For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1.

We recommend that you upgrade your nginx packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST q9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO 3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6 Ddh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6 OHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f vAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw== =ttYS -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0399",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "lifecycle management server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.8.41"
      },
      {
        "model": "nginx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.5.6"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.5.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.2"
      },
      {
        "model": "studio onsite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.4.4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.4"
      },
      {
        "model": "webyast",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "1.5.7"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "1.5.x"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "0.8.41 to  1.4.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.4"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.4.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.5"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.4.2"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.7"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.6"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.9"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.4.0"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igor sysoev",
        "version": "1.3.8"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.1.17"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.14"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.10"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.9"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.8"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "0.8.40"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.1.19"
      },
      {
        "model": "sysoev nginx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "igor",
        "version": "1.0.15"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.4.4",
                "versionStartIncluding": "0.8.41",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.6",
                "versionStartIncluding": "1.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:suse:lifecycle_management_server:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:webyast:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan Fratric of the Google Security Team",
    "sources": [
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-4547",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2013-4547",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-64549",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-4547",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201311-336",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-64549",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-4547",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nnginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547\n http://advisories.mageia.org/MGASA-2013-0349.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n ee03201627b548e26667eec1e5ac7dae  mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm \n 6404dde21b871054a663171b5460fac8  mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2802-1                   security@debian.org\nhttp://www.debian.org/security/                           Thijs Kinkhorst\nNovember 21, 2013                      http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : nginx\nVulnerability  : restriction bypass\nProblem type   : remote\nDebian-specific: no\nCVE ID         : CVE-2013-4547\nDebian Bug     : 730012\n\nIvan Fratric of the Google Security Team discovered a bug in nginx,\na web server, which might allow an attacker to bypass security\nrestrictions by using a specially crafted request. \n\nThe oldstable distribution (squeeze) is not affected by this problem. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST\nq9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO\n3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6\nDdh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6\nOHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f\nvAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw==\n=ttYS\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "PACKETSTORM",
        "id": "124159"
      },
      {
        "db": "PACKETSTORM",
        "id": "124145"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-64549",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38846",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-4547",
        "trust": 3.1
      },
      {
        "db": "SECUNIA",
        "id": "55825",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "55757",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "55822",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "63814",
        "trust": 0.5
      },
      {
        "db": "PACKETSTORM",
        "id": "124145",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "124159",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "38846",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-64549",
        "trust": 0.1
      },
      {
        "db": "EXPLOITDB",
        "id": "38846",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "PACKETSTORM",
        "id": "124159"
      },
      {
        "db": "PACKETSTORM",
        "id": "124145"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "id": "VAR-201311-0399",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:21:32.796000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2802",
        "trust": 0.8,
        "url": "http://www.debian.org/security/2013/dsa-2802"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://nginx.com/"
      },
      {
        "title": "SUSE-SU-2013:1895",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
      },
      {
        "title": "openSUSE-SU-2013:1791",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
      },
      {
        "title": "openSUSE-SU-2013:1792",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
      },
      {
        "title": "openSUSE-SU-2013:1745",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
      },
      {
        "title": "nginx-1.5.7",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48998"
      },
      {
        "title": "nginx-1.4.4",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48997"
      },
      {
        "title": "nginx-1.4.4",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48996"
      },
      {
        "title": "nginx-1.4.4",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=49035"
      },
      {
        "title": "nginx-1.5.7",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48999"
      },
      {
        "title": "Debian CVElist Bug Report Logs: nginx: CVE-2013-4547",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f4bb5a4a182af6a4c8ca260ef90a3d69"
      },
      {
        "title": "Debian Security Advisories: DSA-2802-1 nginx -- restriction bypass",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0e9f3c319e9988b421581c9d566c73e5"
      },
      {
        "title": "Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=703629f55868e4fc7623e469fe23486b"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2013-249",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2013-249"
      },
      {
        "title": "DVWA-Note",
        "trust": 0.1,
        "url": "https://github.com/dhgdhg/dvwa- "
      },
      {
        "title": "DVWA-Note",
        "trust": 0.1,
        "url": "https://github.com/twfb/dvwa-note "
      },
      {
        "title": "DVWA-Note",
        "trust": 0.1,
        "url": "https://github.com/dhgdhg/dvwa "
      },
      {
        "title": "usn-search",
        "trust": 0.1,
        "url": "https://github.com/lukeber4/usn-search "
      },
      {
        "title": "Vision",
        "trust": 0.1,
        "url": "https://github.com/coolervoid/vision "
      },
      {
        "title": "Vision2",
        "trust": 0.1,
        "url": "https://github.com/coolervoid/vision2 "
      },
      {
        "title": "woodswiki",
        "trust": 0.1,
        "url": "https://github.com/woods-sega/woodswiki "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-116",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.debian.org/security/2012/dsa-2802"
      },
      {
        "trust": 2.1,
        "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/55757"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/55822"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/55825"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4547"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4547"
      },
      {
        "trust": 0.3,
        "url": "http://nginx.org/download/patch.2013.space.txt"
      },
      {
        "trust": 0.3,
        "url": "http://nginx.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671931"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4547"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/116.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dhgdhg/dvwa-"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/38846/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/63814"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/./dsa-2802"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2013-0349.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "PACKETSTORM",
        "id": "124159"
      },
      {
        "db": "PACKETSTORM",
        "id": "124145"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "db": "BID",
        "id": "63814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "db": "PACKETSTORM",
        "id": "124159"
      },
      {
        "db": "PACKETSTORM",
        "id": "124145"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "date": "2013-11-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "date": "2013-11-19T00:00:00",
        "db": "BID",
        "id": "63814"
      },
      {
        "date": "2013-11-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "date": "2013-11-25T17:07:04",
        "db": "PACKETSTORM",
        "id": "124159"
      },
      {
        "date": "2013-11-22T21:29:14",
        "db": "PACKETSTORM",
        "id": "124145"
      },
      {
        "date": "2013-11-23T18:55:04.687000",
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "date": "2013-11-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64549"
      },
      {
        "date": "2021-11-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-4547"
      },
      {
        "date": "2015-05-07T17:10:00",
        "db": "BID",
        "id": "63814"
      },
      {
        "date": "2013-12-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      },
      {
        "date": "2021-11-10T15:59:33.657000",
        "db": "NVD",
        "id": "CVE-2013-4547"
      },
      {
        "date": "2023-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "nginx Vulnerabilities that bypass restrictions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005289"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-336"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.