Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-2084.NASL
HistorySep 30, 2019 - 12:00 a.m.

EulerOS 2.0 SP8 : nginx (EulerOS-SA-2019-2084)

2019-09-3000:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27

7.9 High

AI Score

Confidence

High

JSON

According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the ‘http2’ option of the ‘listen’ directive is used in a configuration file.(CVE-2018-16843)

  • nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the ‘http2’ option of the ‘listen’ directive is used in a configuration file.(CVE-2018-16844)

  • Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree.
    This can consume excess CPU.(CVE-2019-9513)

  • Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.(CVE-2019-9511)

  • Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.(CVE-2019-9516)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(129443);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/22");

  script_cve_id(
    "CVE-2018-16843",
    "CVE-2018-16844",
    "CVE-2019-9511",
    "CVE-2019-9513",
    "CVE-2019-9516"
  );
  script_xref(name:"CEA-ID", value:"CEA-2019-0643");

  script_name(english:"EulerOS 2.0 SP8 : nginx (EulerOS-SA-2019-2084)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the nginx packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - nginx before versions 1.15.6 and 1.14.1 has a
    vulnerability in the implementation of HTTP/2 that can
    allow for excessive memory consumption. This issue
    affects nginx compiled with the ngx_http_v2_module (not
    compiled by default) if the 'http2' option of the
    'listen' directive is used in a configuration
    file.(CVE-2018-16843)

  - nginx before versions 1.15.6 and 1.14.1 has a
    vulnerability in the implementation of HTTP/2 that can
    allow for excessive CPU usage. This issue affects nginx
    compiled with the ngx_http_v2_module (not compiled by
    default) if the 'http2' option of the 'listen'
    directive is used in a configuration
    file.(CVE-2018-16844)

  - Some HTTP/2 implementations are vulnerable to resource
    loops, potentially leading to a denial of service. The
    attacker creates multiple request streams and
    continually shuffles the priority of the streams in a
    way that causes substantial churn to the priority tree.
    This can consume excess CPU.(CVE-2019-9513)

  - Some HTTP/2 implementations are vulnerable to window
    size manipulation and stream prioritization
    manipulation, potentially leading to a denial of
    service. The attacker requests a large amount of data
    from a specified resource over multiple streams. They
    manipulate window size and stream priority to force the
    server to queue the data in 1-byte chunks. Depending on
    how efficiently this data is queued, this can consume
    excess CPU, memory, or both.(CVE-2019-9511)

  - Some HTTP/2 implementations are vulnerable to a header
    leak, potentially leading to a denial of service. The
    attacker sends a stream of headers with a 0-length
    header name and 0-length header value, optionally
    Huffman encoded into 1-byte or greater headers. Some
    implementations allocate memory for these headers and
    keep the allocation alive until the session dies. This
    can consume excess memory.(CVE-2019-9516)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2084
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b392da62");
  script_set_attribute(attribute:"solution", value:
"Update the affected nginx packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9513");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nginx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nginx-all-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nginx-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nginx-mod-http-image-filter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nginx-mod-http-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nginx-mod-http-xslt-filter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nginx-mod-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nginx-mod-stream");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["nginx-1.12.1-14.h1.eulerosv2r8",
        "nginx-all-modules-1.12.1-14.h1.eulerosv2r8",
        "nginx-filesystem-1.12.1-14.h1.eulerosv2r8",
        "nginx-mod-http-image-filter-1.12.1-14.h1.eulerosv2r8",
        "nginx-mod-http-perl-1.12.1-14.h1.eulerosv2r8",
        "nginx-mod-http-xslt-filter-1.12.1-14.h1.eulerosv2r8",
        "nginx-mod-mail-1.12.1-14.h1.eulerosv2r8",
        "nginx-mod-stream-1.12.1-14.h1.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx");
}
VendorProductVersionCPE
huaweieulerosnginxp-cpe:/a:huawei:euleros:nginx
huaweieulerosnginx-all-modulesp-cpe:/a:huawei:euleros:nginx-all-modules
huaweieulerosnginx-filesystemp-cpe:/a:huawei:euleros:nginx-filesystem
huaweieulerosnginx-mod-http-image-filterp-cpe:/a:huawei:euleros:nginx-mod-http-image-filter
huaweieulerosnginx-mod-http-perlp-cpe:/a:huawei:euleros:nginx-mod-http-perl
huaweieulerosnginx-mod-http-xslt-filterp-cpe:/a:huawei:euleros:nginx-mod-http-xslt-filter
huaweieulerosnginx-mod-mailp-cpe:/a:huawei:euleros:nginx-mod-mail
huaweieulerosnginx-mod-streamp-cpe:/a:huawei:euleros:nginx-mod-stream
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

openvas 36
githubexploit 1
nessus 60
suse 7
fedora 10
symantec 1
redhat 11
rocky 1
osv 6
archlinux 3
freebsd 4
oraclelinux 5
mageia 3
hackerone 1
debian 3
amazon 5
almalinux 2
ubuntu 2
ibm 16
f5 1
photon 5
altlinux 2
thn 1
nodejsblog 1
cloudfoundry 1
fortinet 1
redhatcve 1
nginx 1
threatpost 1
myhack58 1
ubuntucve 1
debiancve 1
cve 1
veracode 1
prion 1
alpinelinux 1
openvas
openvas
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2019-2084)
2020-01-23 00:00:00
openSUSE: Security Advisory for nginx (openSUSE-SU-2019:2120-1)
2020-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2309-1)
2021-06-09 00:00:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in F5 Nginx
2020-12-22 10:16:11
nessus
nessus
openSUSE Security Update : nginx (openSUSE-2019-2120) (0-Length Headers Leak) (Data Dribble) (Resource Loop)
2019-09-11 00:00:00
SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2309-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)
2019-09-06 00:00:00
Oracle Linux 8 : nginx:1.14 (ELSA-2019-2799) (0-Length Headers Leak) (Data Dribble) (Resource Loop)
2019-09-20 00:00:00
suse
suse
Security update for nginx (important)
2019-09-11 00:00:00
Security update for nginx (moderate)
2019-10-06 00:00:00
Security update for nghttp2 (moderate)
2019-10-01 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: nginx-1.16.1-1.fc29
2019-09-04 04:07:11
[SECURITY] Fedora 30 Update: nginx-1.16.1-1.fc30
2019-08-22 01:18:25
[SECURITY] Fedora 29 Update: nghttp2-1.39.2-1.fc29
2019-08-27 18:38:08
symantec
symantec
Nginx Vulnerabilities Jul 2017 - Oct 2019
2020-05-06 18:48:22
redhat
redhat
(RHSA-2019:2799) Important: nginx:1.14 security update
2019-09-17 08:45:10
(RHSA-2019:2775) Important: rh-nginx114-nginx security update
2019-09-16 12:43:00
(RHSA-2019:2746) Important: rh-nginx112-nginx security update
2019-09-12 11:30:03
rocky
rocky
nginx:1.14 security update
2019-09-17 08:45:10
osv
osv
Important: nginx:1.14 security update
2019-09-17 08:45:10
Important: nginx:1.14 security update
2019-09-17 08:45:10
nginx - security update
2019-08-22 00:00:00
archlinux
archlinux
[ASA-201908-12] nginx-mainline: denial of service
2019-08-16 00:00:00
[ASA-201908-13] nginx: denial of service
2019-08-16 00:00:00
[ASA-201908-17] libnghttp2: denial of service
2019-08-27 00:00:00
freebsd
freebsd
NGINX -- Multiple vulnerabilities
2019-08-13 00:00:00
nghttp2 -- multiple vulnerabilities
2019-08-13 00:00:00
NGINX -- Multiple vulnerabilities
2018-11-06 00:00:00
oraclelinux
oraclelinux
nginx:1.14 security update
2019-09-19 00:00:00
nghttp2 security update
2019-09-10 00:00:00
nghttp2 security update
2020-07-06 00:00:00
mageia
mageia
Updated nginx packages fix security vulnerabilities
2019-11-30 16:06:06
Updated nghttp2 packages fix security vulnerabilities
2019-09-28 04:05:09
Updated nginx package fixes security vulnerabilities
2018-11-18 01:23:26
hackerone
hackerone
Localize: Nginx version is disclosed in HTTP response
2020-01-26 21:54:31
debian
debian
[SECURITY] [DSA 4505-1] nginx security update
2019-08-22 19:38:21
[SECURITY] [DSA 4511-1] nghttp2 security update
2019-09-01 21:08:06
[SECURITY] [DSA 4335-1] nginx security update
2018-11-08 21:34:23
amazon
amazon
Important: nginx
2019-09-30 21:06:00
Medium: nginx
2018-12-13 17:27:00
Important: nghttp2
2019-09-30 21:03:00
almalinux
almalinux
Important: nginx:1.14 security update
2019-09-17 08:45:10
Important: nodejs:10 security update
2019-09-30 07:07:29
ubuntu
ubuntu
nginx vulnerabilities
2019-08-15 00:00:00
nginx vulnerabilities
2018-11-07 00:00:00
ibm
ibm
Security Bulletin: API Connect V2018 is impacted by a vulnerability in nginx (CVE-2018-16843 CVE-2018-16844)
2019-08-13 20:10:31
Security Bulletin: IBM DataPower Gateway is affected by Denial of Service vulnerabilities
2021-06-08 21:47:38
Security Bulletin: IBM MQ Appliance affected by HTTP/2 vulnerabilities (CVE-2019-9511 and CVE-2019-9513)
2020-01-27 10:37:46
f5
f5
K02591030 : HTTP/2 vulnerabilities CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, and CVE-2019-9517
2019-08-20 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0117
2019-01-04 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0201
2018-12-20 00:00:00
Important Photon OS Security Update - PHSA-2018-0201
2018-12-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package nginx version 1.14.1-alt1
2018-11-06 00:00:00
Security fix for the ALT Linux 10 package node version 10.16.3-alt1
2019-08-30 00:00:00
thn
thn
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
2019-08-14 08:19:00
nodejsblog
nodejsblog
August 2019 Security Releases
2019-08-16 00:00:00
cloudfoundry
cloudfoundry
Various HTTP2 CVEs: Some Cloud Foundry products are impacted by HTTP denial of service attacks | Cloud Foundry
2019-12-03 00:00:00
fortinet
fortinet
HTTP/2 Multiple DoS Attacks (VU#605641)
2019-09-03 00:00:00
redhatcve
redhatcve
CVE-2018-16843
2018-11-07 00:49:07
nginx
nginx
Excessive memory usage in HTTP/2
2018-11-07 14:29:00
threatpost
threatpost
HTTP Bugs Open Websites to DoS Attacks
2019-08-15 19:20:38
myhack58
myhack58
HTTP/2 denial of service attack vulnerability alerts-a vulnerability alert-the black bar safety net
2019-08-14 00:00:00
ubuntucve
ubuntucve
CVE-2018-16843
2018-11-06 00:00:00
debiancve
debiancve
CVE-2018-16843
2018-11-07 14:29:00
cve
cve
CVE-2018-16843
2018-11-07 14:29:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:26:57
prion
prion
Design/Logic Flaw
2018-11-07 14:29:00
alpinelinux
alpinelinux
CVE-2018-16843
2018-11-07 14:29:00

7.9 High

AI Score

Confidence

High

JSON
Related for EULEROS_SA-2019-2084.NASL
openvas36githubexploit1nessus60suse7fedora10symantec1redhat11rocky1osv6archlinux3freebsd4oraclelinux5mageia3hackerone1debian3amazon5almalinux2ubuntu2ibm16f51photon5altlinux2thn1nodejsblog1cloudfoundry1fortinet1redhatcve1nginx1threatpost1myhack581ubuntucve1debiancve1cve1veracode1prion1alpinelinux1