Lucene search

K

Gentoo FoundationGLSA-201310-04

HistoryOct 06, 2013 - 12:00 a.m.

nginx: Multiple vulnerabilities

2013-10-0600:00:00

Gentoo Foundation

security.gentoo.org

47

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.117 Low

EPSS

Percentile

95.2%

Background

nginx is a robust, small, and high performance HTTP and reverse proxy server.

Description

Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Furthermore, a context-dependent attacker may be able to obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All nginx users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.4.1-r2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-servers/nginx< 1.4.1-r2UNKNOWN

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.117 Low

EPSS

Percentile

95.2%

Related for GLSA-201310-04

nessus15 openvas12 securityvulns2 freebsd1 debiancve3 amazon1 ubuntucve4 prion3 mageia1 fedora3 cve3 canvas1 seebug6 packetstorm3 altlinux1 zdt2 exploitpack2 debian1 nginx2 myhack581 exploitdb2