Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2013-249
HistoryDec 02, 2013 - 8:27 p.m.

Important: nginx

2013-12-0220:27:00
alas.aws.amazon.com
18

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.954 High

EPSS

Percentile

99.3%

JSON

Issue Overview:

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

Affected Packages:

nginx

Issue Correction:
Run yum update nginx to update your system.

New Packages:

i686:  
    nginx-debuginfo-1.4.3-1.14.amzn1.i686  
    nginx-1.4.3-1.14.amzn1.i686  
  
src:  
    nginx-1.4.3-1.14.amzn1.src  
  
x86_64:  
    nginx-1.4.3-1.14.amzn1.x86_64  
    nginx-debuginfo-1.4.3-1.14.amzn1.x86_64

Additional References

Red Hat: CVE-2013-4547

Mitre: CVE-2013-4547

Related

openvas 5
prion 1
securityvulns 2
cve 1
ubuntucve 1
nessus 9
fedora 2
checkpoint_advisories 2
debian 1
altlinux 1
mageia 1
nginx 1
freebsd 1
suse 1
debiancve 1
kitploit 1
thn 1
openvas
openvas
Fedora Update for nginx FEDORA-2013-21826
2013-12-03 00:00:00
Fedora Update for nginx FEDORA-2013-21826
2013-12-03 00:00:00
Debian Security Advisory DSA 2802-1 (nginx - restriction bypass)
2013-11-21 00:00:00
prion
prion
Design/Logic Flaw
2013-11-23 18:55:00
securityvulns
securityvulns
nginx protection bypass
2013-11-26 00:00:00
[SECURITY] [DSA 2802-1] nginx security update
2013-11-26 00:00:00
cve
cve
CVE-2013-4547
2013-11-23 18:55:00
ubuntucve
ubuntucve
CVE-2013-4547
2013-11-23 00:00:00
nessus
nessus
FreeBSD : nginx -- Request line parsing vulnerability (94b6264a-5140-11e3-8b22-f0def16c5c1b)
2013-11-20 00:00:00
Mandriva Linux Security Advisory : nginx (MDVSA-2013:281)
2013-11-25 00:00:00
Fedora 19 : nginx-1.4.4-1.fc19 (2013-21826)
2013-12-02 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: nginx-1.4.4-1.fc19
2013-12-02 09:36:38
[SECURITY] Fedora 20 Update: nginx-1.4.4-1.fc20
2013-12-14 03:28:06
checkpoint_advisories
checkpoint_advisories
Nginx Request URI Verification Security Bypass (CVE-2013-4547)
2014-04-08 00:00:00
Preemptive Protection against Nginx Request URI Verification Security Bypass (CVE-2013-4547)
2013-12-10 00:00:00
debian
debian
[SECURITY] [DSA 2802-1] nginx security update
2013-11-21 21:35:18
altlinux
altlinux
Security fix for the ALT Linux 9 package nginx version 1.4.4-alt1
2013-11-22 00:00:00
mageia
mageia
Updated nginx packages fix CVE-2013-4547
2013-11-22 23:12:56
nginx
nginx
Request line parsing vulnerability
2013-11-23 18:55:00
freebsd
freebsd
nginx -- Request line parsing vulnerability
2013-11-19 00:00:00
suse
suse
Security update for nginx (important)
2013-12-16 21:04:16
debiancve
debiancve
CVE-2013-4547
2013-11-23 18:55:00
kitploit
kitploit
Vision2 - Nmap's XML result parse and NVD's CPE correlation to search CVE
2017-09-08 13:30:00
thn
thn
Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems
2021-08-23 13:27:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.954 High

EPSS

Percentile

99.3%

JSON
Related for ALAS-2013-249
openvas5prion1securityvulns2cve1ubuntucve1nessus9fedora2checkpoint_advisories2debian1altlinux1mageia1nginx1freebsd1suse1debiancve1kitploit1thn1