{"id": "CFOUNDRY:596553F071DD27A4EDB0045E940B9DB3", "bulletinFamily": "software", "title": "USN-2991-1 nginx vulnerability | Cloud Foundry", "description": "USN-2991-1 nginx vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nNginx, Canonical Ubuntu\n\n# Versions Affected\n\n * BOSH-release versions prior to 255.11 \n\n# Description\n\nIt was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * For BOSH-only deployments, upgrade BOSH-release to version 255.11 \n\n# References\n\n * [1] <http://bosh.io>\n * [2] <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4450.html>\n", "published": "2016-06-13T00:00:00", "modified": "2016-06-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.cloudfoundry.org/blog/usn-2991-1/", "reporter": "Cloud Foundry", "references": [], "cvelist": ["CVE-2016-4450"], "type": "cloudfoundry", "lastseen": "2018-09-07T03:26:10", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2016-4450"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "USN-2991-1 nginx vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nNginx, Canonical Ubuntu\n\n# Versions Affected\n\n * BOSH-release versions prior to 255.11 \n\n# Description\n\nIt was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * For BOSH-only deployments, upgrade BOSH-release to version 255.11 \n\n# References\n\n * [1] <http://bosh.io>\n * [2] <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4450.html>\n", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "19841a67321e272db810d0c6bae5cd015ac5c5ab3515b5c9fc89b37e5b79cd0f", "hashmap": [{"hash": "596553f071dd27a4edb0045e940b9db3", "key": "href"}, {"hash": "9f79ffc41072c2f7b55b8f0f3c7e2844", "key": "reporter"}, {"hash": "c74044728574db00aca8b4a7a0a544d7", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "8c961c13102b80ffb839673165367a6d", "key": "modified"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "abb60f32aa8edf1ddb8ba7cae775da14", "key": "cvelist"}, {"hash": "b08fd989889a0229072b0f99134b9179", "key": "type"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "8c961c13102b80ffb839673165367a6d", "key": "published"}, {"hash": "7c92bf193c3c641f9932c7e26299af83", "key": "description"}], "history": [], "href": "https://www.cloudfoundry.org/blog/usn-2991-1/", "id": "CFOUNDRY:596553F071DD27A4EDB0045E940B9DB3", "lastseen": "2018-08-31T01:50:00", "modified": "2016-06-13T00:00:00", "objectVersion": "1.3", "published": "2016-06-13T00:00:00", "references": [], "reporter": "Cloud Foundry", "title": "USN-2991-1 nginx vulnerability - Cloud Foundry", "type": "cloudfoundry", "viewCount": 1}, "differentElements": ["title"], "edition": 3, "lastseen": "2018-08-31T01:50:00"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2016-4450"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "USN-2991-1 nginx vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nNginx, Canonical Ubuntu\n\n# Versions Affected\n\n * BOSH-release versions prior to 255.11 \n\n# Description\n\nIt was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * For BOSH-only deployments, upgrade BOSH-release to version 255.11 \n\n# References\n\n * [1] <http://bosh.io>\n * [2] <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4450.html>\n", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "77ed395a7d15bd9d220d03686f37eda7e53705c8189104b917642dbef9fb9ac7", "hashmap": [{"hash": "596553f071dd27a4edb0045e940b9db3", "key": "href"}, {"hash": "9f79ffc41072c2f7b55b8f0f3c7e2844", "key": "reporter"}, {"hash": "c74044728574db00aca8b4a7a0a544d7", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "8c961c13102b80ffb839673165367a6d", "key": "modified"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "abb60f32aa8edf1ddb8ba7cae775da14", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "b08fd989889a0229072b0f99134b9179", "key": "type"}, {"hash": "8c961c13102b80ffb839673165367a6d", "key": "published"}, {"hash": "7c92bf193c3c641f9932c7e26299af83", "key": "description"}], "history": [], "href": "https://www.cloudfoundry.org/blog/usn-2991-1/", "id": "CFOUNDRY:596553F071DD27A4EDB0045E940B9DB3", "lastseen": "2018-08-30T19:15:13", "modified": "2016-06-13T00:00:00", "objectVersion": "1.3", "published": "2016-06-13T00:00:00", "references": [], "reporter": "Cloud Foundry", "title": "USN-2991-1 nginx vulnerability - Cloud Foundry", "type": "cloudfoundry", "viewCount": 1}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:15:13"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2016-4450"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "USN-2991-1 nginx vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nNginx, Canonical Ubuntu\n\n# Versions Affected\n\n * BOSH-release versions prior to 255.11 \n\n# Description\n\nIt was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * For BOSH-only deployments, upgrade BOSH-release to version 255.11 \n\n# References\n\n * [1] <http://bosh.io>\n * [2] <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4450.html>\n", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "19841a67321e272db810d0c6bae5cd015ac5c5ab3515b5c9fc89b37e5b79cd0f", "hashmap": [{"hash": "596553f071dd27a4edb0045e940b9db3", "key": "href"}, {"hash": "9f79ffc41072c2f7b55b8f0f3c7e2844", "key": "reporter"}, {"hash": "c74044728574db00aca8b4a7a0a544d7", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "8c961c13102b80ffb839673165367a6d", "key": "modified"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "abb60f32aa8edf1ddb8ba7cae775da14", "key": "cvelist"}, {"hash": "b08fd989889a0229072b0f99134b9179", "key": "type"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "8c961c13102b80ffb839673165367a6d", "key": "published"}, {"hash": "7c92bf193c3c641f9932c7e26299af83", "key": "description"}], "history": [], "href": "https://www.cloudfoundry.org/blog/usn-2991-1/", "id": "CFOUNDRY:596553F071DD27A4EDB0045E940B9DB3", "lastseen": "2018-01-12T14:53:00", "modified": "2016-06-13T00:00:00", "objectVersion": "1.3", "published": "2016-06-13T00:00:00", "references": [], "reporter": "Cloud Foundry", "title": "USN-2991-1 nginx vulnerability - Cloud Foundry", "type": "cloudfoundry", "viewCount": 1}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-01-12T14:53:00"}], "edition": 4, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "abb60f32aa8edf1ddb8ba7cae775da14"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "7c92bf193c3c641f9932c7e26299af83"}, {"key": "href", "hash": "596553f071dd27a4edb0045e940b9db3"}, {"key": "modified", "hash": "8c961c13102b80ffb839673165367a6d"}, {"key": "published", "hash": "8c961c13102b80ffb839673165367a6d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9f79ffc41072c2f7b55b8f0f3c7e2844"}, {"key": "title", "hash": "0f648ca891228a16a99eb542341903d1"}, {"key": "type", "hash": "b08fd989889a0229072b0f99134b9179"}], "hash": "2a0a1dcdd2dc929a4079e10e391e78378798a99ff03b002a53535da4176e556a", "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedSoftware": []}

{"cve": [{"lastseen": "2018-01-05T11:52:14", "references": ["http://www.debian.org/security/2016/dsa-3592", "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html", "http://www.ubuntu.com/usn/USN-2991-1", "https://access.redhat.com/errata/RHSA-2016:1425", "http://www.securitytracker.com/id/1036019", "https://security.gentoo.org/glsa/201606-06", "http://www.securityfocus.com/bid/90967"], "edition": 3, "description": "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.", "reporter": "NVD", "published": "2016-06-07T10:06:14", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "title": "CVE-2016-4450", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2016-4450"], "scanner": [], "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~", "cpe:/a:nginx:nginx:1.10.0", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:nginx:nginx:1.11.0"], "modified": "2018-01-04T21:30:54", "id": "CVE-2016-4450", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4450", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-06-08T00:16:19", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 619926 (F5 iWorkflow) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| Nginx \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| Nginx \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| Nginx \nBIG-IQ ADC| 4.5.0| None| Medium| Nginx \nBIG-IQ Centralized Management| 5.0.0 \n4.6.0| 5.1.0| Medium| Nginx \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| Nginx \nF5 iWorkflow| 2.0.0| None| Medium| Nginx \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "reporter": "f5", "published": "2016-10-04T02:31:00", "title": "Nginx vulnerability CVE-2016-4450", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2016-4450"], "modified": "2016-10-04T19:13:00", "href": "https://support.f5.com/csp/article/K08250500", "id": "F5:K08250500", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-10-04T17:24:42", "references": ["https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15106.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15113.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n", "reporter": "f5", "published": "2016-10-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "f5", "title": "SOL08250500 - Nginx vulnerability CVE-2016-4450", "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IQ Cloud and Orchestration", "version": "1.0.0", "operator": "le"}, {"name": "F5 iWorkflow", "version": "2.0.0", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IQ ADC", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IQ Centralized Management", "version": "4.6.0", "operator": "le"}, {"name": "BIG-IQ Centralized Management", "version": "5.0.0", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.5.0", "operator": "le"}], "cvelist": ["CVE-2016-4450"], "modified": "2016-10-04T00:00:00", "id": "SOL08250500", "href": "http://support.f5.com/kb/en-us/solutions/public/k/08/sol08250500.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:26:05", "references": [], "description": "CVE-2016-4450 Nginx Vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nnginx, Cloud Foundry\n\n# Versions Affected\n\n * nginx before 1.10.1 and 1.11.x versions before 1.11.1 \n * Cloud Foundry staticfile buildpack prior to version 1.3.9 \n * Cloud Foundry cf-release prior to version 238 \n\n# Description\n\nos/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.\n\n# Mitigation\n\nUsers are strongly encouraged to follow one of the mitigations below:\n\n * Upgrade to Cloud Foundry version 238 or later \n * Upgrade the Cloud Foundry staticfile buildpack to version 1.3.9 or later and restage all applications that use automated buildpack detection\n\n# References\n\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450>\n", "edition": 4, "reporter": "Cloud Foundry", "published": "2016-07-13T00:00:00", "title": "CVE-2016-4450 Nginx Vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2016-4450"], "modified": "2016-07-13T00:00:00", "id": "CFOUNDRY:7E643D3894ADF4F839871B17C265A598", "href": "https://www.cloudfoundry.org/blog/cve-2016-4450/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:38", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4450"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "15.10", "packageVersion": "1.9.3-1ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-full", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.10", "packageVersion": "1.9.3-1ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-extras", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1.10.0-0ubuntu0.16.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-extras", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.10", "packageVersion": "1.9.3-1ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-light", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1.10.0-0ubuntu0.16.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-light", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1.10.0-0ubuntu0.16.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-full", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.10", "packageVersion": "1.9.3-1ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-core", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.4.6-1ubuntu3.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-core", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.4.6-1ubuntu3.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-full", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.4.6-1ubuntu3.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-extras", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.4.6-1ubuntu3.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-light", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1.10.0-0ubuntu0.16.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-core", "operator": "lt"}], "description": "It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.", "edition": 3, "reporter": "Ubuntu", "published": "2016-06-02T00:00:00", "title": "nginx vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "modified": "2016-06-02T00:00:00", "id": "USN-2991-1", "href": "https://usn.ubuntu.com/2991-1/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:37:24", "references": [], "pluginID": "91451", "description": "It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2016-06-03T00:00:00", "title": "Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : nginx vulnerability (USN-2991-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2018-08-03T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:nginx-core", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:nginx-extras", "cpe:/o:canonical:ubuntu_linux:15.10", "p-cpe:/a:canonical:ubuntu_linux:nginx-full", "p-cpe:/a:canonical:ubuntu_linux:nginx-light", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2991-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91451", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2991-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91451);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/08/03 12:21:25\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_xref(name:\"USN\", value:\"2991-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : nginx vulnerability (USN-2991-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that nginx incorrectly handled saving client request\nbodies to temporary files. A remote attacker could possibly use this\nissue to cause nginx to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-full\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-light\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2018 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-core\", pkgver:\"1.4.6-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-extras\", pkgver:\"1.4.6-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-full\", pkgver:\"1.4.6-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-light\", pkgver:\"1.4.6-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"nginx-core\", pkgver:\"1.9.3-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"nginx-extras\", pkgver:\"1.9.3-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"nginx-full\", pkgver:\"1.9.3-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"nginx-light\", pkgver:\"1.9.3-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-core\", pkgver:\"1.10.0-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-extras\", pkgver:\"1.10.0-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-full\", pkgver:\"1.10.0-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-light\", pkgver:\"1.10.0-0ubuntu0.16.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx-core / nginx-extras / nginx-full / nginx-light\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:00", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea323bd6cf"], "pluginID": "92194", "description": "fix CVE-2016-4450\n\n----\n\nupdate to upstream release 1.8.1 to fix CVE-2016-4450\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2016-07-14T00:00:00", "title": "Fedora 23 : 1:nginx (2016-ea323bd6cf)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2016-10-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:nginx", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-EA323BD6CF.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92194", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ea323bd6cf.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92194);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/10/18 17:03:08 $\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_xref(name:\"FEDORA\", value:\"2016-ea323bd6cf\");\n\n script_name(english:\"Fedora 23 : 1:nginx (2016-ea323bd6cf)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fix CVE-2016-4450\n\n----\n\nupdate to upstream release 1.8.1 to fix CVE-2016-4450\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea323bd6cf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:nginx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"nginx-1.8.1-3.fc23\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:nginx\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:43:54", "references": ["http://www.debian.org/security/2016/dsa-3592", "https://packages.debian.org/source/jessie/nginx"], "pluginID": "91431", "description": "It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might result in denial of service: Malformed requests could crash worker processes.", "edition": 7, "reporter": "Tenable", "published": "2016-06-02T00:00:00", "title": "Debian DSA-3592-1 : nginx - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2018-07-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:nginx"], "id": "DEBIAN_DSA-3592.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91431", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3592. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91431);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/07/10 14:27:32\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_xref(name:\"DSA\", value:\"3592\");\n\n script_name(english:\"Debian DSA-3592-1 : nginx - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a NULL pointer dereference in the Nginx code\nresponsible for saving client request bodies to a temporary file might\nresult in denial of service: Malformed requests could crash worker\nprocesses.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/nginx\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2016/dsa-3592\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the nginx packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.6.2-5+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"nginx\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-common\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-doc\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-extras\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-extras-dbg\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-full\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-full-dbg\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-light\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-light-dbg\", reference:\"1.6.2-5+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:31", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2016-c329fc4c32"], "pluginID": "92155", "description": "update to upstream release 1.10.1 to fix CVE-2016-4450\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2016-07-14T00:00:00", "title": "Fedora 24 : 1:nginx (2016-c329fc4c32)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2016-10-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:1:nginx"], "id": "FEDORA_2016-C329FC4C32.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92155", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-c329fc4c32.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92155);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/10/18 17:03:07 $\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_xref(name:\"FEDORA\", value:\"2016-c329fc4c32\");\n\n script_name(english:\"Fedora 24 : 1:nginx (2016-c329fc4c32)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update to upstream release 1.10.1 to fix CVE-2016-4450\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-c329fc4c32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:nginx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"nginx-1.10.1-1.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:nginx\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:42", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=982505"], "pluginID": "96943", "description": "This update for nginx fixes the following vulnerability :\n\n - CVE-2016-4450: Remote attackers could have caused a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.", "edition": 4, "reporter": "Tenable", "published": "2017-02-02T00:00:00", "title": "openSUSE Security Update : nginx (openSUSE-2017-192)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2017-02-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nginx-debuginfo", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:nginx-debugsource", "p-cpe:/a:novell:opensuse:nginx"], "id": "OPENSUSE-2017-192.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96943", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-192.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96943);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/02/02 14:39:40 $\");\n\n script_cve_id(\"CVE-2016-4450\");\n\n script_name(english:\"openSUSE Security Update : nginx (openSUSE-2017-192)\");\n script_summary(english:\"Check for the openSUSE-2017-192 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nginx fixes the following vulnerability :\n\n - CVE-2016-4450: Remote attackers could have caused a\n denial of service (NULL pointer dereference and worker\n process crash) via a crafted request, involving writing\n a client request body to a temporary file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982505\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nginx packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nginx-1.8.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nginx-debuginfo-1.8.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nginx-debugsource-1.8.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"nginx-1.8.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"nginx-debuginfo-1.8.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"nginx-debugsource-1.8.1-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx / nginx-debuginfo / nginx-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:03:10", "references": ["http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html", "http://www.nessus.org/u?adfe9155"], "pluginID": "91399", "description": "Maxim Dounin reports :\n\nA problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.", "edition": 5, "reporter": "Tenable", "published": "2016-06-01T00:00:00", "title": "FreeBSD : nginx -- a specially crafted request might result in worker process crash (36cf7670-2774-11e6-af29-f0def16c5c1b)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2016-10-19T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:nginx-devel", "p-cpe:/a:freebsd:freebsd:nginx"], "id": "FREEBSD_PKG_36CF7670277411E6AF29F0DEF16C5C1B.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91399", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2016 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91399);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2016/10/19 14:02:54 $\");\n\n script_cve_id(\"CVE-2016-4450\");\n\n script_name(english:\"FreeBSD : nginx -- a specially crafted request might result in worker process crash (36cf7670-2774-11e6-af29-f0def16c5c1b)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Maxim Dounin reports :\n\nA problem was identified in nginx code responsible for saving client\nrequest body to a temporary file. A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nwriting client request body to a temporary file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html\"\n );\n # http://www.freebsd.org/ports/portaudit/36cf7670-2774-11e6-af29-f0def16c5c1b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?adfe9155\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nginx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"nginx>=1.4.0<1.8.1_3,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nginx>=1.10.0,2<1.10.1,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nginx-devel>=1.3.9<1.9.15_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nginx-devel>=1.10.0<1.11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:20", "references": ["https://alas.aws.amazon.com/ALAS-2016-715.html"], "pluginID": "91629", "description": "A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.", "edition": 6, "reporter": "Tenable", "published": "2016-06-16T00:00:00", "title": "Amazon Linux AMI : nginx (ALAS-2016-715)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:nginx", "p-cpe:/a:amazon:linux:nginx-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-715.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91629", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-715.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91629);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_xref(name:\"ALAS\", value:\"2016-715\");\n\n script_name(english:\"Amazon Linux AMI : nginx (ALAS-2016-715)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A problem was identified in nginx code responsible for saving client\nrequest body to a temporary file. A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nwriting client request body to a temporary file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-715.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update nginx' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"nginx-1.8.1-3.27.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nginx-debuginfo-1.8.1-3.27.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx / nginx-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:30", "references": ["http://www.nessus.org/u?b364c9b9"], "pluginID": "107063", "description": "The version of Arista Networks EOS running on the remote device is affected by a denial of service vulnerability in NGINX due to a NULL pointer dereference flaw in the ngx_chain_to_iovec() function within file os/unix/ngx_files.c when handling specially crafted requests. An unauthenticated, remote attacker can exploit this, via a specially crafted request to write a client request body to a temporary file, to crash a worker process.", "edition": 4, "reporter": "Tenable", "published": "2018-02-28T00:00:00", "title": "Arista Networks EOS ngx_chain_to_iovec NULL Pointer Deference DoS (SA0021)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Misc.", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:arista:eos"], "id": "ARISTA_EOS_SA0021.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=107063", "sourceData": "#TRUSTED 554650f34f87258c9c2c93441216f02fc3559185280fd5b90e9b346917a1d929c9c8468ae44f86fe47b62f72d0b158cbaafbf34ecdb098ec66956532adc95e07ab597bb1e7d4f9904f51ca8dd6ddfda3a0f136e980db57ec8780f11e810d187cafe623f26523321077c194adafdce8ae5d90d6c4b684936e54d1271841623e1a85255a2efd97c1db1eed65ce8f6d63682cf9535f1e53cc8594bc82dc85a6077398df71da7e1f81e04b8d8569d038ef26be6fc89ae682c11cd13fba2d7a9df66588780b1345caf769a6ef9ff6437465ad3083b3f22ea570bee96f9daa4ab9eead28f00d1f665656c00ca3463f9f0281d875487c44f87f66a74d98a522a62476ca666d0a4de9ffaef20cdbf01c681493571515e2b2a26eb3d1cab1243a03aeb5fab63c37a8f4cd4632594d69e5345761cf446fcb9db148a41fab0f90b0058b6b45b1288f5408e21111fa3d323b9b7985f49b9d17d63262e37526bbebbcae013a0f6d70d749593acebc893a8209601834ce04953614e6984687e11793ee1e6b5830a95357849d853ec3a6bf551c68a625695196470f7be8fb9dcb5ff270b8df9982957df15c7904053e7ff7177947313214e80377ebcc590e94003f15889fe78627e366120f5e9649a7a9d7e57b037990a8042bf018f856fadc517a676d22972c43319cd874810f1d6d84c4f4da045c533925c4315b4f81907c0d29f72766e33fb8\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107063);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/08/09\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_bugtraq_id(90967);\n\n script_name(english:\"Arista Networks EOS ngx_chain_to_iovec NULL Pointer Deference DoS (SA0021)\");\n script_summary(english:\"Checks the Arista Networks EOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Arista Networks EOS running on the remote device is\naffected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Arista Networks EOS running on the remote device is\naffected by a denial of service vulnerability in NGINX due to a NULL\npointer dereference flaw in the ngx_chain_to_iovec() function within\nfile os/unix/ngx_files.c when handling specially crafted requests. An\nunauthenticated, remote attacker can exploit this, via a specially\ncrafted request to write a client request body to a temporary file,\nto crash a worker process.\");\n # https://www.arista.com/en/support/advisories-notices/security-advisories/1354-security-advisory-21\n script_set_attribute( attribute:\"see_also\", value:\"http://www.nessus.org/u?b364c9b9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Contact the vendor for a fixed version, or apply the patch file\nreferenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:arista:eos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"arista_eos_detect.nbin\");\n script_require_keys(\"Host/Arista-EOS/Version\", \"Host/Arista-EOS/eos_shell\");\n\n exit(0);\n}\n\n\ninclude(\"arista_eos_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Arista-EOS/Version\");\next = \"1.6.2/3236644.idburleydevdasturias.11\";\nsha = \"d7124b02ae8505436a94a0440b2c4192b801b30bd84ed1a9c3672c8c4891fadca18b6221237fb959436c5dd084e95bc97317606c41c6b173993becbc13c857e6\";\nif(eos_extension_installed(ext:ext, sha:sha)) exit(0, \"The Arista device is not vulnerable, as a relevant hotfix has been installed.\");\n\nvmatrix = make_array();\nvmatrix[\"all\"] = make_list(\"4.12\");\nvmatrix[\"F\"] = make_list(\"4.13.1.1<=4.13.6\",\n \"4.14.0<=4.14.4.2\",\n \"4.15.0<=4.15.4.1\");\nvmatrix[\"M\"] = make_list(\"4.13.7<=4.13.15\",\n \"4.14.5<=4.14.11\",\n \"4.15.5\",\n \"4.15.6\",\n \"4.16.6\");\n\nvmatrix[\"misc\"] = make_list(\"4.14.5FX\",\n \"4.14.5FX.1\",\n \"4.14.5FX.2\",\n \"4.14.5FX.3\",\n \"4.14.5FX.4\",\n \"4.14.5.1F-SSU\",\n \"4.15.0FX\",\n \"4.15.0FXA\",\n \"4.15.0FX1\",\n \"4.15.1FXB.1\",\n \"4.15.1FXB\",\n \"4.15.1FX-7060X\",\n \"4.15.1FX-7060QX\",\n \"4.15.3FX-7050X-72Q\",\n \"4.15.3FX-7060X.1\",\n \"4.15.3FX-7500E3\",\n \"4.15.3FX-7500E3.3\",\n \"4.15.4FX-7500E3\",\n \"4.15.5FX-7500R\",\n \"4.15.5FX-7500R-bgpscale\"\n );\n\nif (eos_is_affected(vmatrix:vmatrix, version:version))\n{\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:eos_report_get());\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Arista Networks EOS\", version);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:59", "references": ["https://security.gentoo.org/glsa/201606-06"], "pluginID": "103587", "description": "The remote host is affected by the vulnerability described in GLSA-201606-06 (nginx: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly cause a Denial of Service condition via a crafted packet.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "reporter": "Tenable", "published": "2017-10-02T00:00:00", "title": "GLSA-201606-06 : nginx: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0746", "CVE-2016-0747", "CVE-2016-4450", "CVE-2013-3587", "CVE-2016-0742"], "modified": "2017-10-02T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:nginx", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201606-06.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103587", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201606-06.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103587);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/10/02 21:40:44 $\");\n\n script_cve_id(\"CVE-2013-3587\", \"CVE-2016-0742\", \"CVE-2016-0746\", \"CVE-2016-0747\", \"CVE-2016-4450\");\n script_xref(name:\"GLSA\", value:\"201606-06\");\n\n script_name(english:\"GLSA-201606-06 : nginx: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201606-06\n(nginx: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in nginx. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly cause a Denial of Service condition via\n a crafted packet.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201606-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All nginx users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/nginx-1.10.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/nginx\", unaffected:make_list(\"ge 1.10.1\"), vulnerable:make_list(\"lt 1.10.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:27", "references": ["http://www.nessus.org/u?b465880d"], "pluginID": "111846", "description": "An update of [ linux , wget , vim , grub2 , zookeeper , nginx , dnsmasq , haproxy ] packages for PhotonOS has been released.", "edition": 3, "reporter": "Tenable", "published": "2018-08-17T00:00:00", "title": "Photon OS 1.0: Dnsmasq / Grub2 / Haproxy / Linux / Nginx / Vim / Wget / Zookeeper PHSA-2016-0012", "type": "nessus", "enchantments": {"score": {"modified": "2018-09-01T23:46:27", "vector": "NONE", "value": 5.0}}, "naslFamily": "PhotonOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9555", "CVE-2016-5360", "CVE-2016-1248", "CVE-2016-5017", "CVE-2016-4450", "CVE-2016-9083", "CVE-2015-8899", "CVE-2015-8370", "CVE-2016-7098"], "modified": "2018-08-17T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:wget", "p-cpe:/a:vmware:photonos:grub2", "p-cpe:/a:vmware:photonos:linux", "p-cpe:/a:vmware:photonos:haproxy", "p-cpe:/a:vmware:photonos:vim", "p-cpe:/a:vmware:photonos:zookeeper", "cpe:/o:vmware:photonos:1.0", "p-cpe:/a:vmware:photonos:dnsmasq", "p-cpe:/a:vmware:photonos:nginx"], "id": "PHOTONOS_PHSA-2016-0012.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111846", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2016-0012. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111846);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/08/17 14:20:03\");\n\n script_cve_id(\n \"CVE-2015-8370\",\n \"CVE-2015-8899\",\n \"CVE-2016-1248\",\n \"CVE-2016-4450\",\n \"CVE-2016-5017\",\n \"CVE-2016-5360\",\n \"CVE-2016-7098\",\n \"CVE-2016-9083\",\n \"CVE-2016-9555\"\n );\n\n script_name(english:\"Photon OS 1.0: Dnsmasq / Grub2 / Haproxy / Linux / Nginx / Vim / Wget / Zookeeper PHSA-2016-0012\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [ linux , wget , vim , grub2 , zookeeper , nginx ,\ndnsmasq , haproxy ] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-12\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b465880d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9555\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:dnsmasq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:zookeeper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"dnsmasq-2.76-1.ph1\",\n \"dnsmasq-debuginfo-2.76-1.ph1\",\n \"grub2-2.02-5.ph1\",\n \"grub2-efi-2.02-3.ph1\",\n \"grub2-efi-lang-2.02-3.ph1\",\n \"grub2-lang-2.02-5.ph1\",\n \"haproxy-1.6.10-1.ph1\",\n \"haproxy-debuginfo-1.6.10-1.ph1\",\n \"haproxy-doc-1.6.10-1.ph1\",\n \"linux-4.4.35-1.ph1\",\n \"linux-api-headers-4.4.35-1.ph1\",\n \"linux-debuginfo-4.4.35-1.ph1\",\n \"linux-dev-4.4.35-1.ph1\",\n \"linux-docs-4.4.35-1.ph1\",\n \"linux-drivers-gpu-4.4.35-1.ph1\",\n \"linux-esx-4.4.35-1.ph1\",\n \"linux-esx-debuginfo-4.4.35-1.ph1\",\n \"linux-esx-devel-4.4.35-1.ph1\",\n \"linux-esx-docs-4.4.35-1.ph1\",\n \"linux-oprofile-4.4.35-1.ph1\",\n \"linux-sound-4.4.35-1.ph1\",\n \"linux-tools-4.4.35-1.ph1\",\n \"linux-tools-debuginfo-4.4.35-1.ph1\",\n \"nginx-1.10.0-4.ph1\",\n \"nginx-debuginfo-1.10.0-4.ph1\",\n \"vim-7.4-6.ph1\",\n \"vim-extra-7.4-6.ph1\",\n \"wget-1.18-1.ph1\",\n \"wget-debuginfo-1.18-1.ph1\",\n \"zookeeper-3.4.9-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dnsmasq / grub2 / haproxy / linux / nginx / vim / wget / zookeeper\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nginx": [{"lastseen": "2016-09-26T17:22:31", "references": [], "edition": 1, "description": "NULL pointer dereference while writing client request body\nSeverity: medium\nCVE-2016-4450\nNot vulnerable: 1.11.1+, 1.10.1+\nVulnerable: 1.3.9-1.11.0", "reporter": "Nginx", "published": "2016-06-07T10:06:14", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nginx", "title": "NULL pointer dereference while writing client request body", "bulletinFamily": "software", "affectedSoftware": [{"name": "nginx", "version": "1.11.0", "operator": "le"}], "cvelist": ["CVE-2016-4450"], "modified": "2016-06-07T10:06:14", "id": "NGINX:CVE-2016-4450", "href": "http://nginx.org/en/security_advisories.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "hackerone": [{"lastseen": "2018-04-19T17:34:13", "references": [], "bounty": 0.0, "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/013/291/5d33b6e08fad356e1743fd899fe7d6dda9971209_small.png?1491410731", "medium": "https://profile-photos.hackerone-user-content.com/000/013/291/1d2ac8991616fcd3e3cdd567d02b7e70e20a3883_medium.png?1491410731"}, "handle": "nextcloud", "url": "https://hackerone.com/nextcloud"}, "bountyState": "resolved", "edition": 5, "description": "The https://help.nextcloud.com sub-site is running Nginx/1.10.0 which is vuln to a known issue (CVE-2016-4450) which allows a remote malformed HTTP request to cause the Nginx process to crash.\n\nDoS testing is mentioned as not requested, but if you know of an issue give it a go .. \n\nYou can determine the version running by requesting the IP of the site and getting the HTTP 301, eg: https://88.198.160.135\n\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4450", "reporter": "shoveller", "published": "2016-06-17T14:10:20", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "hackerone", "title": "Nextcloud: help.nextcloud.com: Known DoS condition (null pointer deref) in Nginx running", "h1reporter": {"profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "url": "/shoveller", "username": "shoveller"}, "bulletinFamily": "bugbounty", "cvelist": ["CVE-2016-4450"], "modified": "2016-07-27T20:51:19", "id": "H1:145409", "href": "https://hackerone.com/reports/145409", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2018-09-01T23:45:47", "references": ["https://alas.aws.amazon.com/ALAS-2016-715.html"], "pluginID": "1361412562310120704", "description": "Amazon Linux Local Security Checks", "edition": 4, "reporter": "This script is Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-10-26T00:00:00", "title": "Amazon Linux Local Check: alas-2016-715", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310120704", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120704", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Amazon Linux security check\n# $Id: alas-2016-715.nasl 6574 2017-07-06 13:41:26Z cfischer $\n# \n# Authors:\n# Autogenerated by alas-generator developed by Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120704\");\nscript_version(\"$Revision: 6574 $\");\nscript_tag(name:\"creation_date\", value:\"2016-10-26 15:38:13 +0300 (Wed, 26 Oct 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:41:26 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Amazon Linux Local Check: alas-2016-715\");\nscript_tag(name: \"insight\", value: \"A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.\"); \nscript_tag(name : \"solution\", value : \"Run yum update nginx to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2016-715.html\");\nscript_cve_id(\"CVE-2016-4450\");\nscript_tag(name:\"cvss_base\", value:\"5.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\n\nif(release == NULL)\n{\n exit(0);\n}\n\nif(release == \"AMAZON\")\n{\n if ((res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~1.8.1~3.27.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.8.1~3.27.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:54:44", "references": ["http://www.debian.org/security/2016/dsa-3592.html"], "pluginID": "703592", "description": "It was discovered that a NULL pointer\ndereference in the Nginx code responsible for saving client request bodies to a\ntemporary file might result in denial of service: Malformed requests could crash\nworker processes.", "edition": 2, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-06-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 3592-1 (nginx - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703592", "id": "OPENVAS:703592", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3592.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3592-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703592);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-4450\");\n script_name(\"Debian Security Advisory DSA 3592-1 (nginx - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-06-01 00:00:00 +0200 (Wed, 01 Jun 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3592.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"nginx on Debian Linux\");\n script_tag(name: \"insight\", value: \"Nginx ('engine X') is a high-performance\nweb and reverse proxy server created by Igor Sysoev. It can be used both as a\nstandalone web server and as a proxy to reduce the load on back-end HTTP or mail\nservers.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 1.6.2-5+deb8u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1-1.\n\nWe recommend that you upgrade your nginx packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that a NULL pointer\ndereference in the Nginx code responsible for saving client request bodies to a\ntemporary file might result in denial of service: Malformed requests could crash\nworker processes.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"nginx\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-doc\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-extras-dbg\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-full-dbg\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-light-dbg\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:48:26", "references": ["2016-c329fc4c32", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2S5JWYSBSVKKV3NTUIFLXFGREORZQC"], "pluginID": "1361412562310808464", "description": "Check the version of nginx", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-06-19T00:00:00", "title": "Fedora Update for nginx FEDORA-2016-c329fc4c32", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310808464", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808464", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nginx FEDORA-2016-c329fc4c32\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808464\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-19 05:26:29 +0200 (Sun, 19 Jun 2016)\");\n script_cve_id(\"CVE-2016-4450\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for nginx FEDORA-2016-c329fc4c32\");\n script_tag(name: \"summary\", value: \"Check the version of nginx\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"Nginx is a web server and a reverse proxy\n server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high\n concurrency, performance and low memory usage.\");\n\n script_tag(name: \"affected\", value: \"nginx on Fedora 24\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-c329fc4c32\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2S5JWYSBSVKKV3NTUIFLXFGREORZQC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.10.1~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:31", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKHKJFTNXLSD4QLHYAFIKDSRXMNFU7YM", "2016-ea323bd6cf"], "pluginID": "1361412562310808376", "description": "Check the version of nginx", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-06-08T00:00:00", "title": "Fedora Update for nginx FEDORA-2016-ea323bd6cf", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310808376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nginx FEDORA-2016-ea323bd6cf\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808376\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:41:19 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4450\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for nginx FEDORA-2016-ea323bd6cf\");\n script_tag(name: \"summary\", value: \"Check the version of nginx\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and\nIMAP protocols, with a strong focus on high concurrency, performance and low\nmemory usage.\n\");\n script_tag(name: \"affected\", value: \"nginx on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-ea323bd6cf\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKHKJFTNXLSD4QLHYAFIKDSRXMNFU7YM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.8.1~3.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:16", "references": ["2991-1", "http://www.ubuntu.com/usn/usn-2991-1/"], "pluginID": "1361412562310842780", "description": "Check the version of nginx", "edition": 7, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-06-03T00:00:00", "title": "Ubuntu Update for nginx USN-2991-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310842780", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for nginx USN-2991-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842780\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-03 05:28:39 +0200 (Fri, 03 Jun 2016)\");\n script_cve_id(\"CVE-2016-4450\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for nginx USN-2991-1\");\n script_tag(name:\"summary\", value:\"Check the version of nginx\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that nginx incorrectly\n handled saving client request bodies to temporary files. A remote attacker could\n possibly use this issue to cause nginx to crash, resulting in a denial of service.\");\n script_tag(name:\"affected\", value:\"nginx on Ubuntu 16.04 LTS,\n Ubuntu 15.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2991-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2991-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.04 LTS|15\\.10)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.4.6-1ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.4.6-1ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.4.6-1ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.4.6-1ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.10.0-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.10.0-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.10.0-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.10.0-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.9.3-1ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.9.3-1ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.9.3-1ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.9.3-1ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:24", "references": ["http://www.debian.org/security/2016/dsa-3592.html"], "pluginID": "1361412562310703592", "description": "It was discovered that a NULL pointer\ndereference in the Nginx code responsible for saving client request bodies to a\ntemporary file might result in denial of service: Malformed requests could crash\nworker processes.", "edition": 3, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-06-01T00:00:00", "title": "Debian Security Advisory DSA 3592-1 (nginx - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:1361412562310703592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703592", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3592.nasl 8131 2017-12-15 07:30:28Z teissa $\n# Auto-generated from advisory DSA 3592-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703592\");\n script_version(\"$Revision: 8131 $\");\n script_cve_id(\"CVE-2016-4450\");\n script_name(\"Debian Security Advisory DSA 3592-1 (nginx - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-12-15 08:30:28 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-06-01 00:00:00 +0200 (Wed, 01 Jun 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3592.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"nginx on Debian Linux\");\n script_tag(name: \"insight\", value: \"Nginx ('engine X') is a high-performance\nweb and reverse proxy server created by Igor Sysoev. It can be used both as a\nstandalone web server and as a proxy to reduce the load on back-end HTTP or mail\nservers.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 1.6.2-5+deb8u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1-1.\n\nWe recommend that you upgrade your nginx packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that a NULL pointer\ndereference in the Nginx code responsible for saving client request bodies to a\ntemporary file might result in denial of service: Malformed requests could crash\nworker processes.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"nginx\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-doc\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-extras-dbg\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-full-dbg\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-light-dbg\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:33:30", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1.6.2-5+deb8u2", "arch": "all", "packageFilename": "nginx-light_1.6.2-5+deb8u2_all.deb", "packageName": "nginx-light", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1.6.2-5+deb8u2", "arch": "all", "packageFilename": "nginx-extras-dbg_1.6.2-5+deb8u2_all.deb", "packageName": "nginx-extras-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1.6.2-5+deb8u2", "arch": "all", "packageFilename": "nginx-doc_1.6.2-5+deb8u2_all.deb", "packageName": "nginx-doc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1.6.2-5+deb8u2", "arch": "all", "packageFilename": "nginx-extras_1.6.2-5+deb8u2_all.deb", "packageName": "nginx-extras", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1.6.2-5+deb8u2", "arch": "all", "packageFilename": "nginx-common_1.6.2-5+deb8u2_all.deb", "packageName": "nginx-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1.6.2-5+deb8u2", "arch": "all", "packageFilename": "nginx-full_1.6.2-5+deb8u2_all.deb", "packageName": "nginx-full", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1.6.2-5+deb8u2", "arch": "all", "packageFilename": "nginx-full-dbg_1.6.2-5+deb8u2_all.deb", "packageName": "nginx-full-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1.6.2-5+deb8u2", "arch": "all", "packageFilename": "nginx_1.6.2-5+deb8u2_all.deb", "packageName": "nginx", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "1.6.2-5+deb8u2", "arch": "all", "packageFilename": "nginx-light-dbg_1.6.2-5+deb8u2_all.deb", "packageName": "nginx-light-dbg", "operator": "lt"}], "description": "It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might result in denial of service: Malformed requests could crash worker processes.\n\nFor the stable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u2.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1.10.1-1.\n\nWe recommend that you upgrade your nginx packages.", "edition": 1, "reporter": "Debian", "published": "2016-06-01T00:00:00", "title": "nginx -- security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "modified": "2016-06-01T00:00:00", "id": "DSA-3592", "href": "http://www.debian.org/security/dsa-3592", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "amazon": [{"lastseen": "2016-09-28T21:03:57", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.1-3.27", "arch": "i686", "packageFilename": "nginx-1.8.1-3.27.amzn1.i686", "packageName": "nginx", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.1-3.27", "arch": "x86_64", "packageFilename": "nginx-1.8.1-3.27.amzn1.x86_64", "packageName": "nginx", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.1-3.27", "arch": "src", "packageFilename": "nginx-1.8.1-3.27.amzn1.src", "packageName": "nginx", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.1-3.27", "arch": "i686", "packageFilename": "nginx-debuginfo-1.8.1-3.27.amzn1.i686", "packageName": "nginx-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.8.1-3.27", "arch": "x86_64", "packageFilename": "nginx-debuginfo-1.8.1-3.27.amzn1.x86_64", "packageName": "nginx-debuginfo", "operator": "lt"}], "edition": 1, "description": "**Issue Overview:**\n\nA problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.\n\n \n**Affected Packages:** \n\n\nnginx\n\n \n**Issue Correction:** \nRun _yum update nginx_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n nginx-debuginfo-1.8.1-3.27.amzn1.i686 \n nginx-1.8.1-3.27.amzn1.i686 \n \n src: \n nginx-1.8.1-3.27.amzn1.src \n \n x86_64: \n nginx-1.8.1-3.27.amzn1.x86_64 \n nginx-debuginfo-1.8.1-3.27.amzn1.x86_64 \n \n \n", "reporter": "Amazon", "published": "2016-06-15T13:30:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "amazon", "title": "Medium: nginx", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "modified": "2016-06-15T13:30:00", "id": "ALAS-2016-715", "href": "https://alas.aws.amazon.com/ALAS-2016-715.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:36", "references": ["http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html", "https://access.redhat.com/security/cve/CVE-2016-4450"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "1.10.1-1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "nginx", "operator": "lt"}], "description": "A vulnerability was found in nginx code responsible for saving client\nrequest body to a temporary file. A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nhandling the client request body.", "edition": 1, "reporter": "Arch Linux", "published": "2016-06-01T00:00:00", "title": "nginx: denial of service", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "modified": "2016-06-01T00:00:00", "id": "ASA-201606-1", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:40", "references": ["http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html", "https://access.redhat.com/security/cve/CVE-2016-4450"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "1.11.1-1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "nginx-mainline", "operator": "lt"}], "description": "A vulnerability was found in nginx code responsible for saving client\nrequest body to a temporary file. A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nhandling the client request body.", "edition": 1, "reporter": "Arch Linux", "published": "2016-06-01T00:00:00", "title": "nginx-mainline: denial of service", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "modified": "2016-06-01T00:00:00", "id": "ASA-201606-2", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:18", "references": ["http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-devel", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.4.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.9.15_1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx-devel", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.8.1_3,2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "nginx", "operator": "lt"}], "description": "\nMaxim Dounin reports:\n\nA problem was identified in nginx code responsible for saving\n\t client request body to a temporary file. A specially crafted\n\t request might result in worker process crash due to a NULL\n\t pointer dereference while writing client request body to a\n\t temporary file.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2016-05-31T00:00:00", "title": "nginx -- a specially crafted request might result in worker process crash", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "modified": "2016-06-05T00:00:00", "id": "36CF7670-2774-11E6-AF29-F0DEF16C5C1B", "href": "https://vuxml.freebsd.org/freebsd/36cf7670-2774-11e6-af29-f0def16c5c1b.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-06-12T23:59:33", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.1-1.el6", "arch": "src", "packageName": "rh-nginx18-nginx", "packageFilename": "rh-nginx18-nginx-1.8.1-1.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.1-1.el6", "arch": "x86_64", "packageName": "rh-nginx18-nginx", "packageFilename": "rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.1-1.el7", "arch": "src", "packageName": "rh-nginx18-nginx", "packageFilename": "rh-nginx18-nginx-1.8.1-1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.1-1.el7", "arch": "x86_64", "packageName": "rh-nginx18-nginx", "packageFilename": "rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.8.1-1.el6", "arch": "x86_64", "packageName": "rh-nginx18-nginx-debuginfo", "packageFilename": "rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.8.1-1.el7", "arch": "x86_64", "packageName": "rh-nginx18-nginx-debuginfo", "packageFilename": "rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm", "operator": "lt"}], "description": "Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.\n\nThe following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).\n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. (CVE-2016-0747)", "reporter": "RedHat", "published": "2016-07-14T08:53:33", "type": "redhat", "title": "(RHSA-2016:1425) Moderate: rh-nginx18-nginx security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-0742", "CVE-2016-0746", "CVE-2016-0747", "CVE-2016-4450"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:18", "id": "RHSA-2016:1425", "href": "https://access.redhat.com/errata/RHSA-2016:1425", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:04", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=573046", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587", "https://bugs.gentoo.org/show_bug.cgi?id=584744", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742", "https://bugs.gentoo.org/show_bug.cgi?id=560854", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.10.1", "packageFilename": "UNKNOWN", "packageName": "www-servers/nginx", "arch": "all", "operator": "lt"}], "description": "### Background\n\nnginx is a robust, small, and high performance HTTP and reverse proxy server. \n\n### Description\n\nMultiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition via a crafted packet. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll nginx users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/nginx-1.10.1\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2016-06-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "gentoo", "title": "nginx: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0746", "CVE-2016-0747", "CVE-2016-4450", "CVE-2013-3587", "CVE-2016-0742"], "modified": "2016-06-17T00:00:00", "id": "GLSA-201606-06", "href": "https://security.gentoo.org/glsa/201606-06", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}