Medium: nginx

🗓️ 15 Jun 2016 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 38 Views

nginx code vulnerability in saving client request body could crash worker proces

Reporter	Title	Published	Views	Family All 69
ALT Linux	Security fix for the ALT Linux 9 package nginx version 1.10.1-alt1	1 Jun 201600:00	–	altlinux
FreeBSD	nginx -- a specially crafted request might result in worker process crash	31 May 201600:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities with the Nginx web server used in IBM Aspera Shares 1.9.2 and earlier	8 Dec 201804:55	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in nginx affect PowerKVM	18 Jun 201801:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM SmartCloud Provisioning security vulnerability has been identified in nginx (CVE-2016-4450)	17 Jun 201822:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in nginx affects IBM StoredIQ (CVE-2016-4450)	17 Jun 201812:17	–	ibm
Tenable Nessus	Amazon Linux AMI : nginx (ALAS-2016-715)	16 Jun 201600:00	–	nessus
Tenable Nessus	Arista Networks EOS ngx_chain_to_iovec NULL Pointer Deference DoS (SA0021)	28 Feb 201800:00	–	nessus
Tenable Nessus	Debian DSA-3592-1 : nginx - security update	2 Jun 201600:00	–	nessus
Tenable Nessus	Fedora 24 : 1:nginx (2016-c329fc4c32)	14 Jul 201600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	1	i686	nginx	1.8.1-3.27.amzn1	nginx-1.8.1-3.27.amzn1.i686.rpm
Amazon Linux	1	x86_64	nginx	1.8.1-3.27.amzn1	nginx-1.8.1-3.27.amzn1.x86_64.rpm
Amazon Linux	1	i686	nginx-debuginfo	1.8.1-3.27.amzn1	nginx-debuginfo-1.8.1-3.27.amzn1.i686.rpm
Amazon Linux	1	x86_64	nginx-debuginfo	1.8.1-3.27.amzn1	nginx-debuginfo-1.8.1-3.27.amzn1.x86_64.rpm

15 Jun 2016 00:00Current

8High risk

Vulners AI Score8

CVSS 25

CVSS 3.17.5

EPSS0.03589

nginx code vulnerability client request worker process crash null pointer temp file update cve-2016-4450