var-202106-1909
Vulnerability from variot

NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. NGINX Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. NGINX has a security vulnerability before 1.13.6. The vulnerability stems from the fact that when the autoindex module encounters this file, it will cause an integer overflow. ========================================================================== Ubuntu Security Notice USN-5109-1 October 18, 2021

nginx vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Summary:

A security issue was fixed in nginx.

Software Description: - nginx: small, powerful, scalable web/proxy server

Details:

It was discovered that nginx incorrectly handled files with certain modification dates. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM: nginx 1.10.3-0ubuntu0.16.04.5+esm2

Ubuntu 14.04 ESM: nginx 1.4.6-1ubuntu3.9+esm3

In general, a standard system update will make all the necessary changes.

References: https://ubuntu.com/security/notices/USN-5109-1 CVE-2017-20005

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1909",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.13.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "nginx",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-015095"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-20005"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.13.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-20005"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "164541"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2017-20005",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-20005",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-394033",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-20005",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-20005",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-378",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-394033",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-394033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-015095"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-20005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-378"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. NGINX Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted  (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. NGINX has a security vulnerability before 1.13.6. The vulnerability stems from the fact that when the autoindex module encounters this file, it will cause an integer overflow. ==========================================================================\nUbuntu Security Notice USN-5109-1\nOctober 18, 2021\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nA security issue was fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled files with\ncertain modification dates. A remote attacker could possibly\nuse this issue to cause a denial of service or other unspecified\nimpact. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n  nginx                           1.10.3-0ubuntu0.16.04.5+esm2\n\nUbuntu 14.04 ESM:\n  nginx                           1.4.6-1ubuntu3.9+esm3\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  https://ubuntu.com/security/notices/USN-5109-1\n  CVE-2017-20005\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-20005"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-015095"
      },
      {
        "db": "VULHUB",
        "id": "VHN-394033"
      },
      {
        "db": "PACKETSTORM",
        "id": "164541"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-20005",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-015095",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-378",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "164541",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3462",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1974",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-394033",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-394033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-015095"
      },
      {
        "db": "PACKETSTORM",
        "id": "164541"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-20005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-378"
      }
    ]
  },
  "id": "VAR-202106-1909",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-394033"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:12:31.169000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "#1368\u00a0closed\u00a0defect\u00a0(fixed)",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-015095"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.1
      },
      {
        "problemtype": "Integer overflow or wraparound (CWE-190) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-394033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-015095"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-20005"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20210805-0006/"
      },
      {
        "trust": 1.7,
        "url": "http://nginx.org/en/changes"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b"
      },
      {
        "trust": 1.7,
        "url": "https://trac.nginx.org/nginx/ticket/1368"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-20005"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3462"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164541/ubuntu-security-notice-usn-5109-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1974"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5109-1"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-394033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-015095"
      },
      {
        "db": "PACKETSTORM",
        "id": "164541"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-20005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-378"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-394033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-015095"
      },
      {
        "db": "PACKETSTORM",
        "id": "164541"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-20005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-378"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-394033"
      },
      {
        "date": "2022-02-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-015095"
      },
      {
        "date": "2021-10-18T14:55:13",
        "db": "PACKETSTORM",
        "id": "164541"
      },
      {
        "date": "2021-06-06T22:15:08.417000",
        "db": "NVD",
        "id": "CVE-2017-20005"
      },
      {
        "date": "2021-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-378"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-394033"
      },
      {
        "date": "2022-02-22T07:06:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-015095"
      },
      {
        "date": "2021-12-02T19:43:01.953000",
        "db": "NVD",
        "id": "CVE-2017-20005"
      },
      {
        "date": "2023-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-378"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "164541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-378"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NGINX\u00a0 Integer overflow vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-015095"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-378"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.