DATABASE RESOURCES PRICING ABOUT US

{"id": "NGINX_1_5_11.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "nginx 1.5.10 SPDY Memory Corruption", "description": "According to the self-reported version in the server response header, the installed nginx version is 1.5.10. It is, therefore, affected by a memory corruption vulnerability.\n\nA flaw exists with the SPDY module implementation, where worker process memory could be corrupted via a specially crafted request.\nThis could allow a remote attacker to execute arbitrary code.\n\nNote that Nessus has not tested for this issue or otherwise determined if a patch is applied but has instead relied only on the application's self-reported version number.", "published": "2014-05-06T00:00:00", "modified": "2022-04-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://www.tenable.com/plugins/nessus/73894", "reporter": "This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://nginx.org/en/security_advisories.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0088", "http://nginx.org/en/CHANGES", "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html", "http://nginx.org/download/patch.2014.spdy.txt"], "cvelist": ["CVE-2014-0088"], "immutableFields": [], "lastseen": "2022-04-16T14:03:53", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0088"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-0088"]}, {"type": "freebsd", "idList": ["89DB3B31-A4C3-11E3-978F-F0DEF16C5C1B"]}, {"type": "hackerone", "idList": ["H1:4689"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_89DB3B31A4C311E3978FF0DEF16C5C1B.NASL", "WEB_APPLICATION_SCANNING_98954"]}, {"type": "nginx", "idList": ["NGINX:CVE-2014-0088"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-0088"]}]}, "score": {"value": 7.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "canvas", "idList": ["NGINX"]}, {"type": "cve", "idList": ["CVE-2014-0088"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-0088"]}, {"type": "freebsd", "idList": ["89DB3B31-A4C3-11E3-978F-F0DEF16C5C1B"]}, {"type": "nessus", "idList": ["NGINX_DETECT.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-0088"]}]}, "exploitation": null, "vulnersScore": 7.0}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "pluginID": "73894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73894);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-0088\");\n script_bugtraq_id(67507);\n\n script_name(english:\"nginx 1.5.10 SPDY Memory Corruption\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a memory corruption\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the self-reported version in the server response header,\nthe installed nginx version is 1.5.10. It is, therefore, affected by a\nmemory corruption vulnerability.\n\nA flaw exists with the SPDY module implementation, where worker\nprocess memory could be corrupted via a specially crafted request.\nThis could allow a remote attacker to execute arbitrary code.\n\nNote that Nessus has not tested for this issue or otherwise determined\nif a patch is applied but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://nginx.org/en/security_advisories.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://nginx.org/download/patch.2014.spdy.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://nginx.org/en/CHANGES\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the patch manually or upgrade to nginx 1.5.11 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:nginx:nginx\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nginx_detect.nasl\", \"nginx_nix_installed.nbin\");\n script_require_keys(\"installed_sw/nginx\");\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nappname = 'nginx';\nget_install_count(app_name:appname, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:appname);\n\nvcf::check_all_backporting(app_info:app_info);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n# If the detection is only remote, Detection Method won't be set, and we should require paranoia\nif (empty_or_null(app_info['Detection Method']) && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nconstraints = [{'fixed_version' : '1.5.11', 'min_version' : '1.5.10'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Web Servers", "cpe": ["cpe:/a:nginx:nginx"], "solution": "Apply the patch manually or upgrade to nginx 1.5.11 or later.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2014-0088", "vpr": {"risk factor": "Low", "score": "3.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2014-03-04T00:00:00", "vulnerabilityPublicationDate": "2014-03-04T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2021-08-19T12:50:56", "description": "The nginx project reports :\n\nA bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution (CVE-2014-0088).\n\nThe problem only affects nginx 1.5.10 on 32-bit platforms, compiled with the ngx_http_spdy_module module (which is not compiled by default), if the 'spdy' option of the 'listen' directive is used in a configuration file.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-06T00:00:00", "type": "nessus", "title": "FreeBSD : nginx -- SPDY memory corruption (89db3b31-a4c3-11e3-978f-f0def16c5c1b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0088"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:nginx-devel", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_89DB3B31A4C311E3978FF0DEF16C5C1B.NASL", "href": "https://www.tenable.com/plugins/nessus/72849", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72849);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0088\");\n\n script_name(english:\"FreeBSD : nginx -- SPDY memory corruption (89db3b31-a4c3-11e3-978f-f0def16c5c1b)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The nginx project reports :\n\nA bug in the experimental SPDY implementation in nginx 1.5.10 was\nfound, which might allow an attacker to corrupt worker process memory\nby using a specially crafted request, potentially resulting in\narbitrary code execution (CVE-2014-0088).\n\nThe problem only affects nginx 1.5.10 on 32-bit platforms, compiled\nwith the ngx_http_spdy_module module (which is not compiled by\ndefault), if the 'spdy' option of the 'listen' directive is used in a\nconfiguration file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html\"\n );\n # https://vuxml.freebsd.org/freebsd/89db3b31-a4c3-11e3-978f-f0def16c5c1b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36a9b1d1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nginx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"nginx-devel=1.5.10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:57:14", "description": "According to the self-reported version in the server response header, the installed nginx version is 1.5.10. It is, therefore, affected by a memory corruption vulnerability.\n\nA flaw exists with the SPDY module implementation, where worker process memory could be corrupted via a specially crafted request. This could allow a remote attacker to execute arbitrary code.\n\nNote that the scanner has not tested for this issue or otherwise determined if a patch is applied but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Nginx 1.5.10 SPDY Memory Corruption", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0088"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98954", "href": "https://www.tenable.com/plugins/was/98954", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nThe nginx project reports:\n\nA bug in the experimental SPDY implementation in nginx 1.5.10 was found,\n\t which might allow an attacker to corrupt worker process memory by using\n\t a specially crafted request, potentially resulting in arbitrary code\n\t execution (CVE-2014-0088).\nThe problem only affects nginx 1.5.10 on 32-bit platforms, compiled with\n\t the ngx_http_spdy_module module (which is not compiled by default), if\n\t the \"spdy\" option of the \"listen\" directive is used in a configuration\n\t file.\n\n\n", "cvss3": {}, "published": "2014-03-04T00:00:00", "type": "freebsd", "title": "nginx -- SPDY memory corruption", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0088"], "modified": "2014-03-04T00:00:00", "id": "89DB3B31-A4C3-11E3-978F-F0DEF16C5C1B", "href": "https://vuxml.freebsd.org/freebsd/89db3b31-a4c3-11e3-978f-f0def16c5c1b.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:56:10", "description": "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10\nbefore 1.5.11, when running on a 32-bit platform, allows remote attackers\nto execute arbitrary code via a crafted request.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | only affects 1.5.x\n", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0088", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0088"], "modified": "2014-04-29T00:00:00", "id": "UB:CVE-2014-0088", "href": "https://ubuntu.com/security/CVE-2014-0088", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:12", "bounty": 3000.0, "description": "A bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution (CVE-2014-0088).\n\nThe problem only affects nginx 1.5.10 on 32-bit platforms, compiled with the ngx_http_spdy_module module (which is not compiled by default), if the \"spdy\" option of the \"listen\" directive is used in a configuration file.\n\nThe problem is fixed in nginx 1.5.11.\n\nPatch for the problem can be found here:\n\nhttp://nginx.org/download/patch.2014.spdy.txt\n\nThanks to Lucas Molas, researcher at Programa STIC, Fundaci\u00f3n Dr. Manuel Sadosky, Buenos Aires, Argentina.\n", "edition": 2, "cvss3": {}, "published": "2014-03-24T21:54:07", "type": "hackerone", "title": "Nginx (IBB): SPDY memory corruption", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0088"], "modified": "2014-03-24T21:54:07", "id": "H1:4689", "href": "https://hackerone.com/reports/4689", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T11:59:26", "description": "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.", "cvss3": {}, "published": "2014-04-29T14:38:00", "type": "cve", "title": "CVE-2014-0088", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0088"], "modified": "2021-11-10T15:59:00", "cpe": ["cpe:/a:f5:nginx:1.5.10"], "id": "CVE-2014-0088", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0088", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:f5:nginx:1.5.10:*:*:*:*:*:*:*"]}], "nginx": [{"lastseen": "2021-07-28T14:33:04", "description": "SPDY memory corruption\nSeverity: major\nCVE-2014-0088\nNot vulnerable: 1.5.11+\nVulnerable: 1.5.10", "cvss3": {}, "published": "2014-04-29T14:38:00", "type": "nginx", "title": "SPDY memory corruption", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0088"], "modified": "2014-04-29T14:38:00", "id": "NGINX:CVE-2014-0088", "href": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-07-04T06:01:08", "description": "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.", "cvss3": {}, "published": "2014-04-29T14:38:00", "type": "debiancve", "title": "CVE-2014-0088", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0088"], "modified": "2014-04-29T14:38:00", "id": "DEBIANCVE:CVE-2014-0088", "href": "https://security-tracker.debian.org/tracker/CVE-2014-0088", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}