CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score: 7.2 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 5.1%)
According to its Server response header, the installed version of nginx is 1.0.x prior to 1.22.1 or 1.1.x prior to 1.23.2. It is, therefore, affected by a memory disclosure in the ngx_http_mp4_module that allows an attacker to cause a worker process crash or worker process memory disclosure. The issues only affect nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the mp4 directive is used in the configuration file.
Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
  script_id(166545);
  script_version("1.5");

  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/02");

  script_cve_id("CVE-2022-41741", "CVE-2022-41742");
  script_xref(name:"IAVA", value:"2022-A-0440-S");

  script_name(english:"nginx 1.1.x < 1.23.2 / 1.0.x < 1.22.1 Memory Disclosure");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a memory disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its Server response header, the installed version of nginx is 1.0.x prior to 1.22.1 or 1.1.x prior to
1.23.2. It is, therefore, affected by a memory disclosure in the ngx_http_mp4_module that allows an attacker to cause a
worker process crash or worker process memory disclosure. The issues only affect nginx if it is built with the
ngx_http_mp4_module (the module is not built by default) and the mp4 directive is used in the configuration file.
Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with
the ngx_http_mp4_module.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://mailman.nginx.org/archives/list/[email protected]/message/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fd7e4ded");
  script_set_attribute(attribute:"see_also", value:"http://nginx.org/download/patch.2022.mp4.txt");
  script_set_attribute(attribute:"solution", value:
"Upgrade to nginx 1.22.1 or 1.23.2 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-41741");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/26");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:nginx:nginx");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("nginx_detect.nasl", "nginx_nix_installed.nbin");
  script_require_keys("installed_sw/nginx", "Settings/ParanoidReport");

  exit(0);
}
include('vcf.inc');
include('http.inc');
var appname = 'nginx';
get_install_count(app_name:appname, exit_if_zero:TRUE);
var app_info = vcf::combined_get_app_info(app:appname);
vcf::check_all_backporting(app_info:app_info);
vcf::check_granularity(app_info:app_info, sig_segments:3);
if (empty_or_null(app_info['Detection Method']) && report_paranoia < 2)
  audit(AUDIT_PARANOID);

var constraints = [
  { 'min_version' : '1.0.7', 'fixed_version' : '1.22.1' },
  { 'min_version' : '1.23.0', 'fixed_version' : '1.23.2' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
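
The plugin reports on the version string alone, so a finding still has to be confirmed against the two preconditions in the description: the mp4 module compiled in and the mp4 directive in use. The following is an added example (not Tenable's or nginx's code) that triages the text of `nginx -V` and `nginx -T` collected on the host; the function names and the sample inputs are constructed for illustration.

```python
import re

# Ranges copied from the plugin's constraints: min_version <= v < fixed_version
CONSTRAINTS = [((1, 0, 7), (1, 22, 1)), ((1, 23, 0), (1, 23, 2))]

# Constructed sample inputs (not captured from a real host)
SAMPLE_V = """nginx version: nginx/1.22.0
configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-http_mp4_module
"""
SAMPLE_CONF = """http { server { listen 80;
  location /video/ {
    mp4;                 # pseudo-streaming enabled
    mp4_buffer_size 1m;
  }
} }
"""

def parse_version(nginx_v_output):
    """Return (major, minor, patch) from `nginx -V` text, or None."""
    m = re.search(r"nginx version: [^/\s]+/(\d+)\.(\d+)\.(\d+)", nginx_v_output)
    return tuple(int(x) for x in m.groups()) if m else None

def version_in_range(version):
    return any(lo <= version < hi for lo, hi in CONSTRAINTS)

def mp4_module_built(nginx_v_output):
    """True if the configure arguments include --with-http_mp4_module."""
    m = re.search(r"^configure arguments:(.*)$", nginx_v_output, re.M)
    return bool(m) and "--with-http_mp4_module" in m.group(1).split()

def mp4_directive_used(config_dump):
    """True if an uncommented `mp4;` directive appears in an `nginx -T` dump."""
    for line in config_dump.splitlines():
        code = line.split("#", 1)[0]  # naive comment strip; enough for this directive
        if re.search(r"(^|[\s;{])mp4\s*;", code):
            return True
    return False

def assess(nginx_v_output, config_dump):
    version = parse_version(nginx_v_output)
    if version is None:
        return "unknown"
    if not version_in_range(version):
        return "not affected (version)"
    if not mp4_module_built(nginx_v_output):
        return "not affected (module not built)"
    if not mp4_directive_used(config_dump):
        return "not exposed (mp4 directive unused)"
    return "exposed"

if __name__ == "__main__":
    print(assess(SAMPLE_V, SAMPLE_CONF))
```

A result of "not exposed" still leaves a vulnerable binary in place, so the upgrade in the plugin's solution applies either way.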