ID CFOUNDRY:596553F071DD27A4EDB0045E940B9DB3 Type cloudfoundry Reporter Cloud Foundry Modified 2016-06-13T00:00:00
Description
USN-2991-1 nginx vulnerability
Medium
Vendor
Nginx, Canonical Ubuntu
Versions Affected
BOSH-release versions prior to 255.11
Description
It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.
Mitigation
Users of affected versions should apply the following mitigation:
For BOSH-only deployments, upgrade BOSH-release to version 255.11
{"id": "CFOUNDRY:596553F071DD27A4EDB0045E940B9DB3", "bulletinFamily": "software", "title": "USN-2991-1 nginx vulnerability - Cloud Foundry", "description": "USN-2991-1 nginx vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nNginx, Canonical Ubuntu\n\n# Versions Affected\n\n * BOSH-release versions prior to 255.11 \n\n# Description\n\nIt was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * For BOSH-only deployments, upgrade BOSH-release to version 255.11 \n\n# References\n\n * [1] <http://bosh.io>\n * [2] <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4450.html>\n", "published": "2016-06-13T00:00:00", "modified": "2016-06-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.cloudfoundry.org/blog/usn-2991-1/", "reporter": "Cloud Foundry", "references": [], "cvelist": ["CVE-2016-4450"], "type": "cloudfoundry", "lastseen": "2018-01-12T14:53:00", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "abb60f32aa8edf1ddb8ba7cae775da14"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "7c92bf193c3c641f9932c7e26299af83"}, {"key": "href", "hash": "596553f071dd27a4edb0045e940b9db3"}, {"key": "modified", "hash": "8c961c13102b80ffb839673165367a6d"}, {"key": "published", "hash": "8c961c13102b80ffb839673165367a6d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9f79ffc41072c2f7b55b8f0f3c7e2844"}, {"key": "title", "hash": "c74044728574db00aca8b4a7a0a544d7"}, {"key": "type", "hash": "b08fd989889a0229072b0f99134b9179"}], "hash": "19841a67321e272db810d0c6bae5cd015ac5c5ab3515b5c9fc89b37e5b79cd0f", "viewCount": 0, "enchantments": {"vulnersScore": 3.3}, "objectVersion": "1.3", "affectedSoftware": []}
{"result": {"cve": [{"id": "CVE-2016-4450", "type": "cve", "title": "CVE-2016-4450", "description": "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.", "published": "2016-06-07T10:06:14", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4450", "cvelist": ["CVE-2016-4450"], "lastseen": "2018-01-05T11:52:14"}], "f5": [{"id": "F5:K08250500", "type": "f5", "title": "Nginx vulnerability CVE-2016-4450", "description": "\nF5 Product Development has assigned ID 619926 (F5 iWorkflow) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| Nginx \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| Nginx \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| Nginx \nBIG-IQ ADC| 4.5.0| None| Medium| Nginx \nBIG-IQ Centralized Management| 5.0.0 \n4.6.0| 5.1.0| Medium| Nginx \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| Nginx \nF5 iWorkflow| 2.0.0| None| Medium| Nginx \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "published": "2016-10-04T02:31:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K08250500", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-06-08T00:16:19"}, {"id": "SOL08250500", "type": "f5", "title": "SOL08250500 - Nginx vulnerability CVE-2016-4450", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n", "published": "2016-10-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/k/08/sol08250500.html", "cvelist": ["CVE-2016-4450"], "lastseen": "2016-10-04T17:24:42"}], "cloudfoundry": [{"id": "CFOUNDRY:7E643D3894ADF4F839871B17C265A598", "type": "cloudfoundry", "title": "CVE-2016-4450 Nginx Vulnerabilities - Cloud Foundry", "description": "CVE-2016-4450 Nginx Vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nnginx, Cloud Foundry\n\n# Versions Affected\n\n * nginx before 1.10.1 and 1.11.x versions before 1.11.1 \n * Cloud Foundry staticfile buildpack prior to version 1.3.9 \n * Cloud Foundry cf-release prior to version 238 \n\n# Description\n\nos/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.\n\n# Mitigation\n\nUsers are strongly encouraged to follow one of the mitigations below:\n\n * Upgrade to Cloud Foundry version 238 or later \n * Upgrade the Cloud Foundry staticfile buildpack to version 1.3.9 or later and restage all applications that use automated buildpack detection\n\n# References\n\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450>\n", "published": "2016-07-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.cloudfoundry.org/blog/cve-2016-4450/", "cvelist": ["CVE-2016-4450"], "lastseen": "2018-01-12T14:53:03"}], "nessus": [{"id": "FREEBSD_PKG_36CF7670277411E6AF29F0DEF16C5C1B.NASL", "type": "nessus", "title": "FreeBSD : nginx -- a specially crafted request might result in worker process crash (36cf7670-2774-11e6-af29-f0def16c5c1b)", "description": "Maxim Dounin reports :\n\nA problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.", "published": "2016-06-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=91399", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-10-29T13:43:24"}, {"id": "OPENSUSE-2017-192.NASL", "type": "nessus", "title": "openSUSE Security Update : nginx (openSUSE-2017-192)", "description": "This update for nginx fixes the following vulnerability :\n\n - CVE-2016-4450: Remote attackers could have caused a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.", "published": "2017-02-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96943", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-10-29T13:38:10"}, {"id": "FEDORA_2016-C329FC4C32.NASL", "type": "nessus", "title": "Fedora 24 : 1:nginx (2016-c329fc4c32)", "description": "update to upstream release 1.10.1 to fix CVE-2016-4450\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-07-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=92155", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-10-29T13:41:08"}, {"id": "UBUNTU_USN-2991-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : nginx vulnerability (USN-2991-1)", "description": "It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-06-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=91451", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-10-29T13:35:15"}, {"id": "FEDORA_2016-EA323BD6CF.NASL", "type": "nessus", "title": "Fedora 23 : 1:nginx (2016-ea323bd6cf)", "description": "fix CVE-2016-4450\n\n----\n\nupdate to upstream release 1.8.1 to fix CVE-2016-4450\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-07-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=92194", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-10-29T13:40:25"}, {"id": "DEBIAN_DSA-3592.NASL", "type": "nessus", "title": "Debian DSA-3592-1 : nginx - security update", "description": "It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might result in denial of service: Malformed requests could crash worker processes.", "published": "2016-06-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=91431", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-10-29T13:37:21"}, {"id": "ARISTA_EOS_SA0021.NASL", "type": "nessus", "title": "Arista Networks EOS ngx_chain_to_iovec NULL Pointer Deference DoS (SA0021)", "description": "The version of Arista Networks EOS running on the remote device is affected by a denial of service vulnerability in NGINX due to a NULL pointer dereference flaw in the ngx_chain_to_iovec() function within file os/unix/ngx_files.c when handling specially crafted requests. An unauthenticated, remote attacker can exploit this, via a specially crafted request to write a client request body to a temporary file, to crash a worker process.", "published": "2018-02-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=107063", "cvelist": ["CVE-2016-4450"], "lastseen": "2018-03-01T05:53:31"}, {"id": "ALA_ALAS-2016-715.NASL", "type": "nessus", "title": "Amazon Linux AMI : nginx (ALAS-2016-715)", "description": "A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.", "published": "2016-06-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=91629", "cvelist": ["CVE-2016-4450"], "lastseen": "2018-04-19T07:57:12"}, {"id": "GENTOO_GLSA-201606-06.NASL", "type": "nessus", "title": "GLSA-201606-06 : nginx: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201606-06 (nginx: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly cause a Denial of Service condition via a crafted packet.\n Workaround :\n\n There is no known workaround at this time.", "published": "2017-10-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=103587", "cvelist": ["CVE-2016-0746", "CVE-2016-0747", "CVE-2016-4450", "CVE-2013-3587", "CVE-2016-0742"], "lastseen": "2017-10-29T13:43:21"}], "archlinux": [{"id": "ASA-201606-1", "type": "archlinux", "title": "nginx: denial of service", "description": "A vulnerability was found in nginx code responsible for saving client\nrequest body to a temporary file. A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nhandling the client request body.", "published": "2016-06-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html", "cvelist": ["CVE-2016-4450"], "lastseen": "2016-09-02T18:44:36"}, {"id": "ASA-201606-2", "type": "archlinux", "title": "nginx-mainline: denial of service", "description": "A vulnerability was found in nginx code responsible for saving client\nrequest body to a temporary file. A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nhandling the client request body.", "published": "2016-06-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html", "cvelist": ["CVE-2016-4450"], "lastseen": "2016-09-02T18:44:40"}], "debian": [{"id": "DSA-3592", "type": "debian", "title": "nginx -- security update", "description": "It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might result in denial of service: Malformed requests could crash worker processes.\n\nFor the stable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u2.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1.10.1-1.\n\nWe recommend that you upgrade your nginx packages.", "published": "2016-06-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3592", "cvelist": ["CVE-2016-4450"], "lastseen": "2016-09-02T18:33:30"}], "amazon": [{"id": "ALAS-2016-715", "type": "amazon", "title": "Medium: nginx", "description": "**Issue Overview:**\n\nA problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.\n\n \n**Affected Packages:** \n\n\nnginx\n\n \n**Issue Correction:** \nRun _yum update nginx_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n nginx-debuginfo-1.8.1-3.27.amzn1.i686 \n nginx-1.8.1-3.27.amzn1.i686 \n \n src: \n nginx-1.8.1-3.27.amzn1.src \n \n x86_64: \n nginx-1.8.1-3.27.amzn1.x86_64 \n nginx-debuginfo-1.8.1-3.27.amzn1.x86_64 \n \n \n", "published": "2016-06-15T13:30:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2016-715.html", "cvelist": ["CVE-2016-4450"], "lastseen": "2016-09-28T21:03:57"}], "openvas": [{"id": "OPENVAS:703592", "type": "openvas", "title": "Debian Security Advisory DSA 3592-1 (nginx - security update)", "description": "It was discovered that a NULL pointer\ndereference in the Nginx code responsible for saving client request bodies to a\ntemporary file might result in denial of service: Malformed requests could crash\nworker processes.", "published": "2016-06-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703592", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-07-24T12:54:44"}, {"id": "OPENVAS:1361412562310120704", "type": "openvas", "title": "Amazon Linux Local Check: alas-2016-715", "description": "Amazon Linux Local Security Checks", "published": "2016-10-26T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120704", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-07-24T12:55:06"}, {"id": "OPENVAS:1361412562310808464", "type": "openvas", "title": "Fedora Update for nginx FEDORA-2016-c329fc4c32", "description": "Check the version of nginx", "published": "2016-06-19T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808464", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-07-25T10:54:22"}, {"id": "OPENVAS:1361412562310842780", "type": "openvas", "title": "Ubuntu Update for nginx USN-2991-1", "description": "Check the version of nginx", "published": "2016-06-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842780", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-12-04T11:26:05"}, {"id": "OPENVAS:1361412562310808376", "type": "openvas", "title": "Fedora Update for nginx FEDORA-2016-ea323bd6cf", "description": "Check the version of nginx", "published": "2016-06-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808376", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-07-25T10:55:09"}, {"id": "OPENVAS:1361412562310703592", "type": "openvas", "title": "Debian Security Advisory DSA 3592-1 (nginx - security update)", "description": "It was discovered that a NULL pointer\ndereference in the Nginx code responsible for saving client request bodies to a\ntemporary file might result in denial of service: Malformed requests could crash\nworker processes.", "published": "2016-06-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703592", "cvelist": ["CVE-2016-4450"], "lastseen": "2017-12-18T11:05:44"}], "nginx": [{"id": "NGINX:CVE-2016-4450", "type": "nginx", "title": "NULL pointer dereference while writing client request body", "description": "NULL pointer dereference while writing client request body\nSeverity: medium\nCVE-2016-4450\nNot vulnerable: 1.11.1+, 1.10.1+\nVulnerable: 1.3.9-1.11.0", "published": "2016-06-07T10:06:14", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://nginx.org/en/security_advisories.html", "cvelist": ["CVE-2016-4450"], "lastseen": "2016-09-26T17:22:31"}], "ubuntu": [{"id": "USN-2991-1", "type": "ubuntu", "title": "nginx vulnerability", "description": "It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.", "published": "2016-06-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2991-1/", "cvelist": ["CVE-2016-4450"], "lastseen": "2018-03-29T18:18:46"}], "hackerone": [{"id": "H1:145409", "type": "hackerone", "title": "Nextcloud: help.nextcloud.com: Known DoS condition (null pointer deref) in Nginx running", "description": "The https://help.nextcloud.com sub-site is running Nginx/1.10.0 which is vuln to a known issue (CVE-2016-4450) which allows a remote malformed HTTP request to cause the Nginx process to crash.\n\nDoS testing is mentioned as not requested, but if you know of an issue give it a go .. \n\nYou can determine the version running by requesting the IP of the site and getting the HTTP 301, eg: https://88.198.160.135\n\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4450", "published": "2016-06-17T14:10:20", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/145409", "cvelist": ["CVE-2016-4450"], "lastseen": "2018-04-19T17:34:13"}], "freebsd": [{"id": "36CF7670-2774-11E6-AF29-F0DEF16C5C1B", "type": "freebsd", "title": "nginx -- a specially crafted request might result in worker process crash", "description": "\nMaxim Dounin reports:\n\nA problem was identified in nginx code responsible for saving\n\t client request body to a temporary file. A specially crafted\n\t request might result in worker process crash due to a NULL\n\t pointer dereference while writing client request body to a\n\t temporary file.\n\n", "published": "2016-05-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/36cf7670-2774-11e6-af29-f0def16c5c1b.html", "cvelist": ["CVE-2016-4450"], "lastseen": "2016-09-26T17:24:05"}], "gentoo": [{"id": "GLSA-201606-06", "type": "gentoo", "title": "nginx: Multiple vulnerabilities", "description": "### Background\n\nnginx is a robust, small, and high performance HTTP and reverse proxy server. \n\n### Description\n\nMultiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition via a crafted packet. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll nginx users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/nginx-1.10.1\"", "published": "2016-06-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201606-06", "cvelist": ["CVE-2016-0746", "CVE-2016-0747", "CVE-2016-4450", "CVE-2013-3587", "CVE-2016-0742"], "lastseen": "2016-09-06T19:46:04"}], "redhat": [{"id": "RHSA-2016:1425", "type": "redhat", "title": "(RHSA-2016:1425) Moderate: rh-nginx18-nginx security update", "description": "Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.\n\nThe following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).\n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. (CVE-2016-0747)", "published": "2016-07-14T08:53:33", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2016:1425", "cvelist": ["CVE-2016-0742", "CVE-2016-0746", "CVE-2016-0747", "CVE-2016-4450"], "lastseen": "2018-03-28T07:56:03"}]}}