Lucene search

K
mageiaGentoo FoundationMGASA-2014-0136
HistoryMar 19, 2014 - 9:57 p.m.

Updated nginx package fixes security vulnerability

2014-03-1921:57:32
Gentoo Foundation
advisories.mageia.org
32

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.037

Percentile

91.8%

A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution (CVE-2014-0133).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchnginx< 1.4.7-1nginx-1.4.7-1.mga4

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.037

Percentile

91.8%