var-201811-0986
Vulnerability from variot
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages. ========================================================================== Ubuntu Security Notice USN-3812-1 November 07, 2018
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)
Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844)
It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: nginx-common 1.15.5-0ubuntu2.1 nginx-core 1.15.5-0ubuntu2.1 nginx-extras 1.15.5-0ubuntu2.1 nginx-full 1.15.5-0ubuntu2.1 nginx-light 1.15.5-0ubuntu2.1
Ubuntu 18.04 LTS: nginx-common 1.14.0-0ubuntu1.2 nginx-core 1.14.0-0ubuntu1.2 nginx-extras 1.14.0-0ubuntu1.2 nginx-full 1.14.0-0ubuntu1.2 nginx-light 1.14.0-0ubuntu1.2
Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.3 nginx-core 1.10.3-0ubuntu0.16.04.3 nginx-extras 1.10.3-0ubuntu0.16.04.3 nginx-full 1.10.3-0ubuntu0.16.04.3 nginx-light 1.10.3-0ubuntu0.16.04.3
Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.9 nginx-core 1.4.6-1ubuntu3.9 nginx-extras 1.4.6-1ubuntu3.9 nginx-full 1.4.6-1ubuntu3.9 nginx-light 1.4.6-1ubuntu3.9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx114-nginx security update Advisory ID: RHSA-2018:3681-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3681 Issue date: 2018-11-27 CVE Names: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 ==================================================================== 1. Summary:
An update for rh-nginx114-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1).
Red Hat would like to thank the Nginx project for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx114-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
aarch64: rh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
aarch64: rh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16843 https://access.redhat.com/security/cve/CVE-2018-16844 https://access.redhat.com/security/cve/CVE-2018-16845 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW/0L0tzjgjWX9erEAQi/dA//TeRNgNBL26V6hp7bf1NojNPyPdOdgyEb VvJJMTCvsafmFT15/SzElx34Dy6OLqqreBkNj39zMH9fK64CS3XhjEAyazyp+kMO SEXRR8+0f1ZLcHRkR0ODWKqXI9yFYAWLjrq8pXw2877P8DrR2qm8O+e6HqFXU11w nIWJB/AvnoX2bAlXXkXfN4nX712bPXp435vI5YRizho+/Ihb/mRlWMx+Bn8ma/xW J793HiOmdZrugXTvn/34A8vPY04wRcn6tPhMzob6FT/CBLhsTXUmBbQxQUnNboaJ oaaf/RD+IIpgqpxEk41p+Jtq5SiOfQ9KB9gbyzXpaarjZwYLm3BwrpnIES6Cd3BM ScqMrIthu/9ZOQLpPET6ypuBYU53xwPHlhBBNnA+MGjz4mrvzc7WTgoFsV1VFAfY 3TXlFkfv6cRV5IEoHa4GBaR+1g2lzvi8iirep09bqtv5VFJsD+RwspY1OZOVB4st fXXSzVsWuzFGFYkFBTyuKzJkhBrl3BHjK8VRuBlNTBMvLa5Q+YmOmzAQAmmKoZYn JeBulCz6hSJ8lHN8GiQxkqeOMZz3XUe0L4mAdkk+UqBxUrB16nDRxBUVpqMbulJl IyAqBeA4ekIvf376D6Jh0VDEkLfpesjoFACdVwdjKzLJI9e7ljut81rwmCtmWT7i vpRowVLRFpwoP7 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0986", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.15.6" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.14.1" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.15.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.5" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.9, "vendor": "nginx", "version": "1.0.7" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.14.1" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.15.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.0.6" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.0.5" }, { "model": "nginx", "scope": "eq", "trust": 0.6, "vendor": "nginx", "version": "1.0.4" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.15.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.13.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.15.6" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.14.1" } ], "sources": [ { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.14.1", "versionStartIncluding": "1.9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.15.6", "versionStartIncluding": "1.15.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-16844" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gal Goldshtein from F5 Networks, and Maxim Konovalov (Nginx)", "sources": [ { "db": "BID", "id": "105868" } ], "trust": 0.3 }, "cve": "CVE-2018-16844", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16844", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-127244", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "secalert@redhat.com", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16844", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-16844", "trust": 1.8, "value": "HIGH" }, { "author": "secalert@redhat.com", "id": "CVE-2018-16844", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201811-120", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-127244", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-16844", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. ==========================================================================\nUbuntu Security Notice USN-3812-1\nNovember 07, 2018\n\nnginx vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled the HTTP/2 implementation. \nA remote attacker could possibly use this issue to cause excessive memory\nconsumption, leading to a denial of service. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nexcessive CPU usage, leading to a denial of service. This issue only\naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. \n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module\nmodule. A remote attacker could possibly use this issue with a specially\ncrafted mp4 file to cause nginx to crash, stop responding, or access\narbitrary memory. (CVE-2018-16845)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n nginx-common 1.15.5-0ubuntu2.1\n nginx-core 1.15.5-0ubuntu2.1\n nginx-extras 1.15.5-0ubuntu2.1\n nginx-full 1.15.5-0ubuntu2.1\n nginx-light 1.15.5-0ubuntu2.1\n\nUbuntu 18.04 LTS:\n nginx-common 1.14.0-0ubuntu1.2\n nginx-core 1.14.0-0ubuntu1.2\n nginx-extras 1.14.0-0ubuntu1.2\n nginx-full 1.14.0-0ubuntu1.2\n nginx-light 1.14.0-0ubuntu1.2\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.3\n nginx-core 1.10.3-0ubuntu0.16.04.3\n nginx-extras 1.10.3-0ubuntu0.16.04.3\n nginx-full 1.10.3-0ubuntu0.16.04.3\n nginx-light 1.10.3-0ubuntu0.16.04.3\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.9\n nginx-core 1.4.6-1ubuntu3.9\n nginx-extras 1.4.6-1ubuntu3.9\n nginx-full 1.4.6-1ubuntu3.9\n nginx-light 1.4.6-1ubuntu3.9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx114-nginx security update\nAdvisory ID: RHSA-2018:3681-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3681\nIssue date: 2018-11-27\nCVE Names: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845\n====================================================================\n1. Summary:\n\nAn update for rh-nginx114-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1). \n\nRed Hat would like to thank the Nginx project for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx114-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16843\nhttps://access.redhat.com/security/cve/CVE-2018-16844\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/0L0tzjgjWX9erEAQi/dA//TeRNgNBL26V6hp7bf1NojNPyPdOdgyEb\nVvJJMTCvsafmFT15/SzElx34Dy6OLqqreBkNj39zMH9fK64CS3XhjEAyazyp+kMO\nSEXRR8+0f1ZLcHRkR0ODWKqXI9yFYAWLjrq8pXw2877P8DrR2qm8O+e6HqFXU11w\nnIWJB/AvnoX2bAlXXkXfN4nX712bPXp435vI5YRizho+/Ihb/mRlWMx+Bn8ma/xW\nJ793HiOmdZrugXTvn/34A8vPY04wRcn6tPhMzob6FT/CBLhsTXUmBbQxQUnNboaJ\noaaf/RD+IIpgqpxEk41p+Jtq5SiOfQ9KB9gbyzXpaarjZwYLm3BwrpnIES6Cd3BM\nScqMrIthu/9ZOQLpPET6ypuBYU53xwPHlhBBNnA+MGjz4mrvzc7WTgoFsV1VFAfY\n3TXlFkfv6cRV5IEoHa4GBaR+1g2lzvi8iirep09bqtv5VFJsD+RwspY1OZOVB4st\nfXXSzVsWuzFGFYkFBTyuKzJkhBrl3BHjK8VRuBlNTBMvLa5Q+YmOmzAQAmmKoZYn\nJeBulCz6hSJ8lHN8GiQxkqeOMZz3XUe0L4mAdkk+UqBxUrB16nDRxBUVpqMbulJl\nIyAqBeA4ekIvf376D6Jh0VDEkLfpesjoFACdVwdjKzLJI9e7ljut81rwmCtmWT7i\nvpRowVLRFpwoP7\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "BID", "id": "105868" }, { "db": "VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16844", "trust": 3.4 }, { "db": "BID", "id": "105868", "trust": 2.0 }, { "db": "SECTRACK", "id": "1042038", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-011776", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-120", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3384", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0451", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042571", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-127244", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-16844", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150214", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150480", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150481", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "id": "VAR-201811-0986", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-127244" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:39:52.652000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-4335", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "title": "USN-3812-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3812-1/" }, { "title": "CVE-2018-16843, CVE-2018-16844", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "title": "Nginx Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=86627" }, { "title": "Red Hat: Important: rh-nginx114-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183681 - security advisory" }, { "title": "Red Hat: Important: rh-nginx112-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183680 - security advisory" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3812-1" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347" }, { "title": "Red Hat: CVE-2018-16844", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-16844" }, { "title": "Amazon Linux AMI: ALAS-2018-1125", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1125" }, { "title": "anitazhaochen.github.io", "trust": 0.1, "url": "https://github.com/anitazhaochen/anitazhaochen.github.io " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "NVD", "id": "CVE-2018-16844" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844" }, { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "trust": 2.0, "url": "https://usn.ubuntu.com/3812-1/" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105868" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1042038" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16844" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3384/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75522" }, { "trust": 0.6, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10960610" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042571" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16843" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16844" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16845" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.2" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3812-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.15.5-0ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-127244" }, { "db": "VULMON", "id": "CVE-2018-16844" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16844" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-07T00:00:00", "db": "VULHUB", "id": "VHN-127244" }, { "date": "2018-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-16844" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "date": "2018-11-12T16:57:53", "db": "PACKETSTORM", "id": "150253" }, { "date": "2018-11-07T17:35:27", "db": "PACKETSTORM", "id": "150214" }, { "date": "2018-11-27T17:24:35", "db": "PACKETSTORM", "id": "150480" }, { "date": "2018-11-27T17:24:48", "db": "PACKETSTORM", "id": "150481" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2018-11-07T14:29:00.837000", "db": "NVD", "id": "CVE-2018-16844" }, { "date": "2018-11-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-127244" }, { "date": "2022-02-22T00:00:00", "db": "VULMON", "id": "CVE-2018-16844" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011776" }, { "date": "2022-02-22T19:27:12.300000", "db": "NVD", "id": "CVE-2018-16844" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-120" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "150214" }, { "db": "CNNVD", "id": "CNNVD-201811-120" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerable to resource exhaustion", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011776" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-120" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.