var-201811-0987
Vulnerability from variot
nginx versions before 1.15.6 and 1.14.1 have a vulnerability in the ngx_http_mp4_module that might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the "mp4" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
nginx contains an information disclosure vulnerability. Information may be obtained and a denial-of-service (DoS) condition may result. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable.
nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability is caused by the program not processing MP4 files correctly.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Red Hat Security Advisory
Synopsis: Important: rh-nginx18-nginx security update
Advisory ID: RHSA-2018:3652-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3652
Issue date: 2018-11-26
CVE Names: CVE-2018-16845
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
- nginx: Denial of service and memory disclosure via mp4 module (CVE-2018-16845)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Nginx project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16845
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
RHSA-announce mailing list: RHSA-announce@redhat.com, https://www.redhat.com/mailman/listinfo/rhsa-announce
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0987", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": 
"1.15.5" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.0.7" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.0.15" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.1.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.14.1" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.15.6" }, { "model": "enterprise linux", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.15.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.14" }, { 
"model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.13.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": 
"nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", 
"scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", 
"trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.15.6" }, { "model": "nginx", "scope": "ne", 
"trust": 0.3, "vendor": "nginx", "version": "1.14.1" } ], "sources": [ { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.15", "versionStartIncluding": "1.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.15.5", "versionStartIncluding": "1.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": 
"CVE-2018-16845" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" } ], "trust": 0.4 }, "cve": "CVE-2018-16845", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-16845", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, 
"obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-127245", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "secalert@redhat.com", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2018-16845", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-16845", 
"trust": 1.8, "value": "MEDIUM" }, { "author": "secalert@redhat.com", "id": "CVE-2018-16845", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201811-119", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-127245", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-16845", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. nginx Contains an information disclosure vulnerability.Information obtained and denial of service (DoS) May be in a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability is caused by the program not processing MP4 files correctly. 
\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvkq1wACgkQEMKTtsN8\nTjY+Sw//eT499ax9D25pWjbpRjjJQ+WG5m7xL3zoCJfWymNmQnsgiV7/gGbpOvAV\nn6OG/Ckq946v0Du4YFiCDlkPY4P5WJR2/qnBNJPbFEcMssJJbuhpZCLAKSMFjm9A\n2IZYGGHZDMGcEo9ZSEDJX/nViSpbN+Y8koTXX43ORizeKhmOWVY0Dm7gqm2DESti\nCQ0EVQyMSqZisiZumoDjn0FrvkQnxvO4GONfYTUcsZf8z4yb03r7rzO/wDgu9JvU\n8+L7cgMcq5TFT3LoZ/LvrJOv8GbMa5SUwqp84ePEZMtAH4NYFIyijOF05MKox7Pq\nzRO/NTkoIQ7/mfz6dHFRl54Ac5iEGnjL7ksC6zL1rD+W2E+JXOnHUpRdmjQ7CvdA\n/5GnyZSJbvD6D7/c5MBXU8r60ALXc75hiL8ibXM/LExll/vOw7++/7dDqMacSx4O\npQl+tduqW+55VMAyT7DKoM5+nZmq2805EH2P4W37uqE1UCh0eJkEK+bp3BLO2Adx\nIJM1ujtt6Euyu3c1JzZADpiOAsATLxvh1qGxvHmUeXN0ODEYAnV2mgKtZxU8+W+Z\nJrsrUTTzFKlmPQug7Bvx7CyZ6S/EQchjeD+Ni7W/HRtW7/eSoh0dntBjQUlg50yd\nK2fAQq6MD37FTHAghC243ZqqcRJDoDXtKfvKm8Zt3ZUnX3XUqVg=3QLE\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2018:3652-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3652\nIssue date: 2018-11-26\nCVE Names: CVE-2018-16845 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. 
\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: Denial of service and memory disclosure via mp4 module\n(CVE-2018-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the Nginx project for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 
\n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1)", "sources": [ { "db": "NVD", "id": "CVE-2018-16845" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "BID", "id": "105868" }, { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16845", "trust": 3.4 }, { "db": "BID", "id": "105868", "trust": 2.0 }, { "db": "SECTRACK", "id": "1042039", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-014189", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-119", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3384", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0464", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0451", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042571", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "150453", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-127245", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-16845", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150253", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150480", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150481", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150458", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "PACKETSTORM", "id": 
"150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "id": "VAR-201811-0987", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-127245" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:01:53.545000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[SECURITY] [DLA 1572-1] nginx security update", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html" }, { "title": "DSA-4335", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "title": "Bug 1644508", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "title": "RHSA-2018:3652", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3652" }, { "title": "RHSA-2018:3653", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3653" }, { "title": "RHSA-2018:3680", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "title": "RHSA-2018:3681", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "title": "USN-3812-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3812-1/" }, { "title": "(CVE-2018-16845)", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "title": "Nginx Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=86626" }, { "title": "Red Hat: Important: rh-nginx18-nginx security update", 
"trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183652 - security advisory" }, { "title": "Red Hat: Important: rh-nginx110-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183653 - security advisory" }, { "title": "Red Hat: Important: rh-nginx112-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183680 - security advisory" }, { "title": "Red Hat: Important: rh-nginx114-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183681 - security advisory" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3812-1" }, { "title": "Red Hat: CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-16845" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347" }, { "title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u00e2\u20ac\u2122s dependencies \u00e2\u20ac\u201c Cumulative list from June 28, 2018 to December 13, 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61" }, { "title": "CVE-2018-16845", "trust": 0.1, "url": "https://github.com/t4t4ru/cve-2018-16845 " }, { "title": "anitazhaochen.github.io", "trust": 0.1, "url": "https://github.com/anitazhaochen/anitazhaochen.github.io " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "CNNVD", "id": 
"CNNVD-201811-119" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.1 }, { "problemtype": "CWE-200", "trust": 0.9 }, { "problemtype": "CWE-835", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "trust": 2.0, "url": "https://usn.ubuntu.com/3812-1/" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3652" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3653" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105868" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1042039" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.8, "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16845" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-16845" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2018-16843" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1489143" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0464/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3384/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75522" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042571" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-application-is-affected-by-nginx-vulnerabilities-cve-2018-16845-cve-2018-16843-cve-2019-7401/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16844" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "trust": 0.3, "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-127245" }, { "db": "VULMON", "id": "CVE-2018-16845" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150453" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "CNNVD", "id": "CNNVD-201811-119" }, { "db": "NVD", "id": "CVE-2018-16845" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-07T00:00:00", "db": "VULHUB", "id": "VHN-127245" }, { "date": "2018-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-16845" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "date": "2018-11-12T16:57:53", "db": "PACKETSTORM", "id": "150253" }, { "date": "2018-11-27T17:24:35", "db": 
"PACKETSTORM", "id": "150480" }, { "date": "2018-11-26T04:44:44", "db": "PACKETSTORM", "id": "150453" }, { "date": "2018-11-27T17:24:48", "db": "PACKETSTORM", "id": "150481" }, { "date": "2018-11-26T10:02:22", "db": "PACKETSTORM", "id": "150458" }, { "date": "2018-11-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-119" }, { "date": "2018-11-07T14:29:00.883000", "db": "NVD", "id": "CVE-2018-16845" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-127245" }, { "date": "2022-02-22T00:00:00", "db": "VULMON", "id": "CVE-2018-16845" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-03-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014189" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-119" }, { "date": "2022-02-22T19:27:12.373000", "db": "NVD", "id": "CVE-2018-16845" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-119" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Information Disclosure Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014189" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "memory leak", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-119" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.