{"cve": [{"lastseen": "2020-12-09T20:07:39", "description": "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2016-06-07T14:06:00", "title": "CVE-2016-4450", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4450"], "modified": "2020-11-16T20:17:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:nginx:nginx:1.11.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-4450", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4450", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:nginx:nginx:1.11.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"]}], "f5": [{"lastseen": "2017-06-08T00:16:19", "bulletinFamily": "software", "cvelist": ["CVE-2016-4450"], "edition": 1, "description": "\nF5 Product Development has assigned ID 619926 (F5 iWorkflow) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 
None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| Nginx \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| Nginx \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| Nginx \nBIG-IQ ADC| 4.5.0| None| Medium| Nginx \nBIG-IQ Centralized Management| 5.0.0 \n4.6.0| 5.1.0| Medium| Nginx \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| Nginx \nF5 iWorkflow| 2.0.0| None| Medium| Nginx \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "modified": "2016-10-04T19:13:00", "published": "2016-10-04T02:31:00", "href": "https://support.f5.com/csp/article/K08250500", "id": "F5:K08250500", "title": "Nginx vulnerability CVE-2016-4450", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-10-04T17:24:42", "bulletinFamily": "software", "cvelist": ["CVE-2016-4450"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n", "modified": "2016-10-04T00:00:00", "published": "2016-10-03T00:00:00", "id": "SOL08250500", "href": "http://support.f5.com/kb/en-us/solutions/public/k/08/sol08250500.html", "type": "f5", "title": "SOL08250500 - Nginx vulnerability CVE-2016-4450", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:41", "bulletinFamily": "software", "cvelist": ["CVE-2016-4450"], "description": "CVE-2016-4450 Nginx Vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nnginx, Cloud Foundry\n\n# Versions Affected\n\n * nginx before 1.10.1 and 1.11.x versions before 1.11.1 \n * Cloud Foundry staticfile buildpack prior to version 1.3.9 \n * Cloud Foundry cf-release prior to version 238 \n\n# Description\n\nos/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.\n\n# Mitigation\n\nUsers are strongly encouraged to follow one of the mitigations below:\n\n * Upgrade to Cloud Foundry version 238 or later \n * Upgrade the Cloud Foundry staticfile buildpack to version 1.3.9 or later and restage all applications that use automated buildpack detection\n\n# References\n\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450>\n", "edition": 5, "modified": 
"2016-07-13T00:00:00", "published": "2016-07-13T00:00:00", "id": "CFOUNDRY:7E643D3894ADF4F839871B17C265A598", "href": "https://www.cloudfoundry.org/blog/cve-2016-4450/", "title": "CVE-2016-4450 Nginx Vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:38", "bulletinFamily": "software", "cvelist": ["CVE-2016-4450"], "description": "USN-2991-1 nginx vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nNginx, Canonical Ubuntu\n\n# Versions Affected\n\n * BOSH-release versions prior to 255.11 \n\n# Description\n\nIt was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * For BOSH-only deployments, upgrade BOSH-release to version 255.11 \n\n# References\n\n * [1] <http://bosh.io>\n * [2] <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4450.html>\n", "edition": 5, "modified": "2016-06-13T00:00:00", "published": "2016-06-13T00:00:00", "id": "CFOUNDRY:596553F071DD27A4EDB0045E940B9DB3", "href": "https://www.cloudfoundry.org/blog/usn-2991-1/", "title": "USN-2991-1 nginx vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:35:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "description": "It was discovered that a NULL pointer\ndereference in the Nginx code responsible for saving client request bodies to a\ntemporary file might result in denial of service: Malformed requests could crash\nworker processes.", "modified": "2019-03-18T00:00:00", "published": "2016-06-01T00:00:00", "id": "OPENVAS:1361412562310703592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703592", "type": "openvas", "title": 
"Debian Security Advisory DSA 3592-1 (nginx - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3592.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3592-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703592\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-4450\");\n script_name(\"Debian Security Advisory DSA 3592-1 (nginx - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-01 00:00:00 +0200 (Wed, 01 Jun 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3592.html\");\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"nginx on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthis problem has been fixed in version 1.6.2-5+deb8u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1-1.\n\nWe recommend that you upgrade your nginx packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that a NULL pointer\ndereference in the Nginx code responsible for saving client request bodies to a\ntemporary file might result in denial of service: Malformed requests could crash\nworker processes.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"nginx\", ver:\"1.6.2-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.6.2-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"nginx-doc\", ver:\"1.6.2-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.6.2-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"nginx-extras-dbg\", ver:\"1.6.2-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.6.2-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"nginx-full-dbg\", ver:\"1.6.2-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"nginx-light\", ver:\"1.6.2-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"nginx-light-dbg\", ver:\"1.6.2-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:55:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-10-26T00:00:00", "id": "OPENVAS:1361412562310120704", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120704", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-715)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120704\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:13 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-715)\");\n script_tag(name:\"insight\", value:\"A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.\");\n script_tag(name:\"solution\", value:\"Run yum update nginx to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-715.html\");\n script_cve_id(\"CVE-2016-4450\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = 
\"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~1.8.1~3.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.8.1~3.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-19T00:00:00", "id": "OPENVAS:1361412562310808464", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808464", "type": "openvas", "title": "Fedora Update for nginx FEDORA-2016-c329fc4c32", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nginx FEDORA-2016-c329fc4c32\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808464\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-19 05:26:29 +0200 (Sun, 19 Jun 2016)\");\n script_cve_id(\"CVE-2016-4450\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for nginx FEDORA-2016-c329fc4c32\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nginx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"nginx on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-c329fc4c32\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2S5JWYSBSVKKV3NTUIFLXFGREORZQC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.10.1~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808376", "type": "openvas", "title": "Fedora Update for nginx FEDORA-2016-ea323bd6cf", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nginx FEDORA-2016-ea323bd6cf\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808376\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:41:19 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4450\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for nginx FEDORA-2016-ea323bd6cf\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nginx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"nginx on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ea323bd6cf\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKHKJFTNXLSD4QLHYAFIKDSRXMNFU7YM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.8.1~3.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-06-03T00:00:00", "id": "OPENVAS:1361412562310842780", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842780", "type": "openvas", "title": "Ubuntu Update for nginx USN-2991-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for nginx USN-2991-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842780\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-03 05:28:39 +0200 (Fri, 03 Jun 2016)\");\n script_cve_id(\"CVE-2016-4450\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for nginx USN-2991-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nginx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that nginx incorrectly\n handled saving client request bodies to temporary files. 
A remote attacker could\n possibly use this issue to cause nginx to crash, resulting in a denial of service.\");\n script_tag(name:\"affected\", value:\"nginx on Ubuntu 16.04 LTS,\n Ubuntu 15.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2991-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2991-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.4.6-1ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.4.6-1ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.4.6-1ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.4.6-1ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.10.0-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.10.0-0ubuntu0.16.04.2\", 
rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.10.0-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.10.0-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.9.3-1ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.9.3-1ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.9.3-1ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.9.3-1ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:54:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "description": "It was discovered that a NULL pointer\ndereference in the Nginx code responsible for saving client request bodies to a\ntemporary file might result in denial of service: Malformed requests could crash\nworker processes.", "modified": "2017-07-07T00:00:00", "published": "2016-06-01T00:00:00", "id": "OPENVAS:703592", "href": "http://plugins.openvas.org/nasl.php?oid=703592", "type": "openvas", "title": "Debian Security Advisory DSA 3592-1 (nginx - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3592.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3592-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# 
Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703592);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-4450\");\n script_name(\"Debian Security Advisory DSA 3592-1 (nginx - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-06-01 00:00:00 +0200 (Wed, 01 Jun 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3592.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", 
\"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"nginx on Debian Linux\");\n script_tag(name: \"insight\", value: \"Nginx ('engine X') is a high-performance\nweb and reverse proxy server created by Igor Sysoev. It can be used both as a\nstandalone web server and as a proxy to reduce the load on back-end HTTP or mail\nservers.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 1.6.2-5+deb8u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1-1.\n\nWe recommend that you upgrade your nginx packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that a NULL pointer\ndereference in the Nginx code responsible for saving client request bodies to a\ntemporary file might result in denial of service: Malformed requests could crash\nworker processes.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"nginx\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-doc\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-extras-dbg\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-full-dbg\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nginx-light-dbg\", ver:\"1.6.2-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "description": "Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. ", "modified": "2016-06-07T01:27:24", "published": "2016-06-07T01:27:24", "id": "FEDORA:89F9F6078C32", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: nginx-1.8.1-3.fc23", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "description": "Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. ", "modified": "2016-06-18T19:48:54", "published": "2016-06-18T19:48:54", "id": "FEDORA:D7A3660E1893", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: nginx-1.10.1-1.fc24", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-03-17T22:48:46", "description": "The version of Arista Networks EOS running on the remote device is\naffected by a denial of service vulnerability in NGINX due to a NULL\npointer dereference flaw in the ngx_chain_to_iovec() function within\nfile os/unix/ngx_files.c when handling specially crafted requests. 
An\nunauthenticated, remote attacker can exploit this, via a specially\ncrafted request to write a client request body to a temporary file,\nto crash a worker process.", "edition": 12, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-02-28T00:00:00", "title": "Arista Networks EOS ngx_chain_to_iovec NULL Pointer Deference DoS (SA0021)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2018-02-28T00:00:00", "cpe": ["cpe:/o:arista:eos"], "id": "ARISTA_EOS_SA0021.NASL", "href": "https://www.tenable.com/plugins/nessus/107063", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107063);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/13\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_bugtraq_id(90967);\n\n script_name(english:\"Arista Networks
EOS ngx_chain_to_iovec NULL Pointer Deference DoS (SA0021)\");\n script_summary(english:\"Checks the Arista Networks EOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Arista Networks EOS running on the remote device is\naffected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Arista Networks EOS running on the remote device is\naffected by a denial of service vulnerability in NGINX due to a NULL\npointer dereference flaw in the ngx_chain_to_iovec() function within\nfile os/unix/ngx_files.c when handling specially crafted requests. An\nunauthenticated, remote attacker can exploit this, via a specially\ncrafted request to write a client request body to a temporary file,\nto crash a worker process.\");\n # https://www.arista.com/en/support/advisories-notices/security-advisories/1354-security-advisory-21\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b364c9b9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Contact the vendor for a fixed version, or apply the patch file\nreferenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:arista:eos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"arista_eos_detect.nbin\");\n script_require_keys(\"Host/Arista-EOS/Version\");\n\n exit(0);\n}\n\n\ninclude(\"arista_eos_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Arista-EOS/Version\");\next = \"1.6.2/3236644.idburleydevdasturias.11\";\nsha = \"d7124b02ae8505436a94a0440b2c4192b801b30bd84ed1a9c3672c8c4891fadca18b6221237fb959436c5dd084e95bc97317606c41c6b173993becbc13c857e6\";\nif(eos_extension_installed(ext:ext, sha:sha)) exit(0, \"The Arista device is not vulnerable, as a relevant hotfix has been installed.\");\n\nvmatrix = make_array();\nvmatrix[\"all\"] = make_list(\"4.12\");\nvmatrix[\"F\"] = make_list(\"4.13.1.1<=4.13.6\",\n \"4.14.0<=4.14.4.2\",\n \"4.15.0<=4.15.4.1\");\nvmatrix[\"M\"] = make_list(\"4.13.7<=4.13.15\",\n \"4.14.5<=4.14.11\",\n \"4.15.5\",\n \"4.15.6\",\n \"4.16.6\");\n\nvmatrix[\"misc\"] = make_list(\"4.14.5FX\",\n \"4.14.5FX.1\",\n \"4.14.5FX.2\",\n \"4.14.5FX.3\",\n \"4.14.5FX.4\",\n \"4.14.5.1F-SSU\",\n \"4.15.0FX\",\n \"4.15.0FXA\",\n \"4.15.0FX1\",\n \"4.15.1FXB.1\",\n \"4.15.1FXB\",\n \"4.15.1FX-7060X\",\n \"4.15.1FX-7060QX\",\n \"4.15.3FX-7050X-72Q\",\n \"4.15.3FX-7060X.1\",\n \"4.15.3FX-7500E3\",\n \"4.15.3FX-7500E3.3\",\n \"4.15.4FX-7500E3\",\n \"4.15.5FX-7500R\",\n \"4.15.5FX-7500R-bgpscale\"\n );\n\nif (eos_is_affected(vmatrix:vmatrix, version:version))\n{\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:eos_report_get());\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Arista Networks EOS\", version);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T06:43:43", "description": "It was discovered that nginx incorrectly handled saving client 
request\nbodies to temporary files. A remote attacker could possibly use this\nissue to cause nginx to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-06-03T00:00:00", "title": "Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : nginx vulnerability (USN-2991-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:nginx-core", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:nginx-extras", "cpe:/o:canonical:ubuntu_linux:15.10", "p-cpe:/a:canonical:ubuntu_linux:nginx-full", "p-cpe:/a:canonical:ubuntu_linux:nginx-light", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2991-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91451", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2991-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91451);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_xref(name:\"USN\", value:\"2991-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : nginx vulnerability (USN-2991-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that nginx incorrectly handled saving client request\nbodies to temporary files. A remote attacker could possibly use this\nissue to cause nginx to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2991-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-full\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-light\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. 
/ NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-core\", pkgver:\"1.4.6-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-extras\", pkgver:\"1.4.6-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-full\", pkgver:\"1.4.6-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-light\", pkgver:\"1.4.6-1ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"nginx-core\", pkgver:\"1.9.3-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"nginx-extras\", pkgver:\"1.9.3-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"nginx-full\", pkgver:\"1.9.3-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"nginx-light\", pkgver:\"1.9.3-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-core\", pkgver:\"1.10.0-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", 
pkgname:\"nginx-extras\", pkgver:\"1.10.0-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-full\", pkgver:\"1.10.0-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-light\", pkgver:\"1.10.0-0ubuntu0.16.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx-core / nginx-extras / nginx-full / nginx-light\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:19:22", "description": "A problem was identified in nginx code responsible for saving client\nrequest body to a temporary file. A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nwriting client request body to a temporary file.", "edition": 24, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-06-16T00:00:00", "title": "Amazon Linux AMI : nginx (ALAS-2016-715)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:nginx", "p-cpe:/a:amazon:linux:nginx-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-715.NASL", "href": "https://www.tenable.com/plugins/nessus/91629", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-715.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91629);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_xref(name:\"ALAS\", value:\"2016-715\");\n\n script_name(english:\"Amazon Linux AMI : nginx (ALAS-2016-715)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A problem was identified in nginx code responsible for saving client\nrequest body to a temporary file. A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nwriting client request body to a temporary file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-715.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update nginx' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"nginx-1.8.1-3.27.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nginx-debuginfo-1.8.1-3.27.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx / nginx-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:14:59", "description": "fix CVE-2016-4450\n\n----\n\nupdate to upstream release 1.8.1 to fix CVE-2016-4450\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-07-14T00:00:00", "title": "Fedora 23 : 1:nginx (2016-ea323bd6cf)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:nginx", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-EA323BD6CF.NASL", "href": "https://www.tenable.com/plugins/nessus/92194", "sourceData": "#%NASL_MIN_LEVEL 
70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ea323bd6cf.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92194);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_xref(name:\"FEDORA\", value:\"2016-ea323bd6cf\");\n\n script_name(english:\"Fedora 23 : 1:nginx (2016-ea323bd6cf)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fix CVE-2016-4450\n\n----\n\nupdate to upstream release 1.8.1 to fix CVE-2016-4450\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea323bd6cf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:nginx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/06\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"nginx-1.8.1-3.fc23\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:nginx\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:14:46", "description": "update to upstream release 1.10.1 to fix CVE-2016-4450\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-07-14T00:00:00", "title": "Fedora 24 : 1:nginx (2016-c329fc4c32)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2016-07-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:1:nginx"], "id": "FEDORA_2016-C329FC4C32.NASL", "href": "https://www.tenable.com/plugins/nessus/92155", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-c329fc4c32.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92155);\n 
script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_xref(name:\"FEDORA\", value:\"2016-c329fc4c32\");\n\n script_name(english:\"Fedora 24 : 1:nginx (2016-c329fc4c32)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update to upstream release 1.10.1 to fix CVE-2016-4450\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-c329fc4c32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:nginx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"nginx-1.10.1-1.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:nginx\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:49:37", "description": "It was discovered that a NULL pointer dereference in the Nginx code\nresponsible for saving client request bodies to a temporary file might\nresult in denial of service: Malformed requests could crash worker\nprocesses.", "edition": 24, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-06-02T00:00:00", "title": "Debian DSA-3592-1 : 
nginx - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2016-06-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:nginx"], "id": "DEBIAN_DSA-3592.NASL", "href": "https://www.tenable.com/plugins/nessus/91431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3592. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91431);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_xref(name:\"DSA\", value:\"3592\");\n\n script_name(english:\"Debian DSA-3592-1 : nginx - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a NULL pointer dereference in the Nginx code\nresponsible for saving client request bodies to a temporary file might\nresult in denial of service: Malformed requests could crash worker\nprocesses.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/nginx\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3592\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the nginx packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.6.2-5+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"nginx\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-common\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-doc\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-extras\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-extras-dbg\", 
reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-full\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-full-dbg\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-light\", reference:\"1.6.2-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-light-dbg\", reference:\"1.6.2-5+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-09T02:56:49", "description": "According to the self-reported version in its response header, the\nversion of nginx hosted on the remote web server is less than 1.10.1,\n or 1.11.x less than 1.11.1. It is, therefore, affected by a denial of \nservice vulnerability", "edition": 14, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-10-16T00:00:00", "title": "nginx < 1.10.1 / 1.11.x < 1.11.1 Denial-of-Service Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2018-10-16T00:00:00", "cpe": ["cpe:/a:igor_sysoev:nginx"], "id": "NGINX_1_11_1.NASL", "href": "https://www.tenable.com/plugins/nessus/118150", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118150);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/08\");\n\n script_cve_id(\"CVE-2016-4450\");\n script_bugtraq_id(90967);\n\n script_name(english:\"nginx < 1.10.1 / 1.11.x < 1.11.1 Denial-of-Service Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to the self-reported version in its response header, the\nversion of nginx hosted on the remote web server is less than 1.10.1,\n or 1.11.x less than 1.11.1. It is, therefore, affected by a denial of \nservice vulnerability\");\n # http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d0e3888\");\n script_set_attribute(attribute:\"see_also\", value:\"http://nginx.org/en/security_advisories.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to nginx version 1.10.1 / 1.11.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:igor_sysoev:nginx\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"nginx_nix_installed.nbin\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/nginx\");\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nappname = 'nginx';\nget_install_count(app_name:appname, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:appname);\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\n# If the detection is only remote, Detection Method won't be set, and we should require paranoia\nif (empty_or_null(app_info['Detection Method']) && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nconstraints = [\n {'fixed_version' : '1.10.1', 'min_version' : '1.3.9', 'fixed_display' : '1.10.1 / 1.11.1'},\n {'fixed_version' : '1.11.1', 'min_version' : '1.11.0'}\n ];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T10:48:53", "description": "Maxim Dounin reports :\n\nA problem was identified in nginx code responsible for saving client\nrequest body to a temporary file. 
A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nwriting client request body to a temporary file.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-06-01T00:00:00", "title": "FreeBSD : nginx -- a specially crafted request might result in worker process crash (36cf7670-2774-11e6-af29-f0def16c5c1b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2016-06-01T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:nginx-devel", "p-cpe:/a:freebsd:freebsd:nginx"], "id": "FREEBSD_PKG_36CF7670277411E6AF29F0DEF16C5C1B.NASL", "href": "https://www.tenable.com/plugins/nessus/91399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91399);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-4450\");\n\n script_name(english:\"FreeBSD : nginx -- a specially crafted request might result in worker process crash (36cf7670-2774-11e6-af29-f0def16c5c1b)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Maxim Dounin reports :\n\nA problem was identified in nginx code responsible for saving client\nrequest body to a temporary file. 
A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nwriting client request body to a temporary file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html\"\n );\n # https://vuxml.freebsd.org/freebsd/36cf7670-2774-11e6-af29-f0def16c5c1b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f908155\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nginx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"nginx>=1.4.0<1.8.1_3,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nginx>=1.10.0,2<1.10.1,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nginx-devel>=1.3.9<1.9.15_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nginx-devel>=1.10.0<1.11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:32:03", "description": "This update for nginx fixes the following vulnerability :\n\n - CVE-2016-4450: Remote attackers could have caused a\n denial of service (NULL pointer dereference and worker\n process crash) via a crafted request, involving writing\n a client request body to a temporary file.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-02T00:00:00", "title": "openSUSE Security Update : nginx (openSUSE-2017-192)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450"], "modified": "2017-02-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nginx-debuginfo", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:nginx-debugsource", "p-cpe:/a:novell:opensuse:nginx"], "id": 
"OPENSUSE-2017-192.NASL", "href": "https://www.tenable.com/plugins/nessus/96943", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-192.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96943);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-4450\");\n\n script_name(english:\"openSUSE Security Update : nginx (openSUSE-2017-192)\");\n script_summary(english:\"Check for the openSUSE-2017-192 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nginx fixes the following vulnerability :\n\n - CVE-2016-4450: Remote attackers could have caused a\n denial of service (NULL pointer dereference and worker\n process crash) via a crafted request, involving writing\n a client request body to a temporary file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982505\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nginx packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nginx-1.8.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nginx-debuginfo-1.8.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nginx-debugsource-1.8.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"nginx-1.8.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"nginx-debuginfo-1.8.1-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"nginx-debugsource-1.8.1-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx / nginx-debuginfo / nginx-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-10-14T08:51:56", "description": "The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 8.1.14 or 8.0.x prior to 8.1.14 or\n8.1.x prior to 8.1.14 or 9.0.x prior to 9.0.7. It is, therefore, affected by a vulnerability.\n\n - The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable \n permissions for the (1) access.log and (2) error.log files, which allows local users \n to obtain sensitive information by reading the files. (CVE-2013-0337)\n \n - os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote \n attackers to cause a denial of service (NULL pointer dereference and worker process \n crash) via a crafted request, involving writing a client request body to a temporary \n file. 
(CVE-2016-4450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2020-05-22T00:00:00", "title": "Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4450", "CVE-2013-0337"], "modified": "2020-05-22T00:00:00", "cpe": ["cpe:/o:paloaltonetworks:pan-os"], "id": "PALO_ALTO_PAN-SA-2020-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/136826", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136826);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/13\");\n\n script_cve_id(\"CVE-2013-0337\", \"CVE-2016-4450\");\n\n script_name(english:\"Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PAN-OS host is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 8.1.14 or 8.0.x prior to 8.1.14 or\n8.1.x prior to 8.1.14 or 9.0.x prior to 9.0.7. It is, therefore, affected by a vulnerability.\n\n - The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable \n permissions for the (1) access.log and (2) error.log files, which allows local users \n to obtain sensitive information by reading the files. 
(CVE-2013-0337)\n \n - os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote \n attackers to cause a denial of service (NULL pointer dereference and worker process \n crash) via a crafted request, involving writing a client request body to a temporary \n file. (CVE-2016-4450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.paloaltonetworks.com/PAN-SA-2020-0006\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PAN-OS 8.1.14 / 8.1.14 / 8.1.14 / 9.0.7 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0337\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:paloaltonetworks:pan-os\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Palo Alto Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"palo_alto_version.nbin\");\n script_require_keys(\"Host/Palo_Alto/Firewall/Version\", \"Host/Palo_Alto/Firewall/Full_Version\", \"Host/Palo_Alto/Firewall/Source\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvcf::palo_alto::initialize();\n\napp_name = 'Palo Alto Networks PAN-OS';\n\napp_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Palo_Alto/Firewall/Full_Version', kb_source:'Host/Palo_Alto/Firewall/Source');\n\nconstraints = [\n { 'min_version' : '7.1.0', 'fixed_version' : '8.1.14' },\n { 'min_version' : '8.0.0', 'fixed_version' : '8.1.14' },\n { 'min_version' : '8.1.0', 'fixed_version' : '8.1.14' },\n { 'min_version' : '9.0.0', 'fixed_version' : '9.0.7' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:40", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "description": "A vulnerability was found in nginx code responsible for saving client\nrequest body to a temporary file. A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nhandling the client request body.", "modified": "2016-06-01T00:00:00", "published": "2016-06-01T00:00:00", "id": "ASA-201606-2", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html", "type": "archlinux", "title": "nginx-mainline: denial of service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "description": "A vulnerability was found in nginx code responsible for saving client\nrequest body to a temporary file. 
A specially crafted request might\nresult in worker process crash due to a NULL pointer dereference while\nhandling the client request body.", "modified": "2016-06-01T00:00:00", "published": "2016-06-01T00:00:00", "id": "ASA-201606-1", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html", "type": "archlinux", "title": "nginx: denial of service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "hackerone": [{"lastseen": "2018-04-19T17:34:13", "bulletinFamily": "bugbounty", "bounty": 0.0, "cvelist": ["CVE-2016-4450"], "description": "The https://help.nextcloud.com sub-site is running Nginx/1.10.0 which is vuln to a known issue (CVE-2016-4450) which allows a remote malformed HTTP request to cause the Nginx process to crash.\n\nDoS testing is mentioned as not requested, but if you know of an issue give it a go .. \n\nYou can determine the version running by requesting the IP of the site and getting the HTTP 301, eg: https://88.198.160.135\n\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4450", "modified": "2016-07-27T20:51:19", "published": "2016-06-17T14:10:20", "id": "H1:145409", "href": "https://hackerone.com/reports/145409", "type": "hackerone", "title": "Nextcloud: help.nextcloud.com: Known DoS condition (null pointer deref) in Nginx running", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "description": "It was discovered that nginx incorrectly handled saving client request \nbodies to temporary files. 
A remote attacker could possibly use this issue \nto cause nginx to crash, resulting in a denial of service.", "edition": 5, "modified": "2016-06-02T00:00:00", "published": "2016-06-02T00:00:00", "id": "USN-2991-1", "href": "https://ubuntu.com/security/notices/USN-2991-1", "title": "nginx vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:40", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "description": "**Issue Overview:**\n\nA problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.\n\n \n**Affected Packages:** \n\n\nnginx\n\n \n**Issue Correction:** \nRun _yum update nginx_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n nginx-debuginfo-1.8.1-3.27.amzn1.i686 \n nginx-1.8.1-3.27.amzn1.i686 \n \n src: \n nginx-1.8.1-3.27.amzn1.src \n \n x86_64: \n nginx-1.8.1-3.27.amzn1.x86_64 \n nginx-debuginfo-1.8.1-3.27.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-06-15T13:30:00", "published": "2016-06-15T13:30:00", "id": "ALAS-2016-715", "href": "https://alas.aws.amazon.com/ALAS-2016-715.html", "title": "Medium: nginx", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "description": "\nMaxim Dounin reports:\n\nA problem was identified in nginx code responsible for saving\n\t client request body to a temporary file. 
A specially crafted\n\t request might result in worker process crash due to a NULL\n\t pointer dereference while writing client request body to a\n\t temporary file.\n\n", "edition": 4, "modified": "2016-06-05T00:00:00", "published": "2016-05-31T00:00:00", "id": "36CF7670-2774-11E6-AF29-F0DEF16C5C1B", "href": "https://vuxml.freebsd.org/freebsd/36cf7670-2774-11e6-af29-f0def16c5c1b.html", "title": "nginx -- a specially crafted request might result in worker process crash", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-08-12T00:59:59", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4450"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3592-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 01, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nCVE ID : CVE-2016-4450\n\nIt was discovered that a NULL pointer dereference in the Nginx code \nresponsible for saving client request bodies to a temporary file might\nresult in denial of service: Malformed requests could crash worker\nprocesses.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.6.2-5+deb8u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1-1.\n\nWe recommend that you upgrade your nginx packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-06-01T18:31:44", "published": "2016-06-01T18:31:44", "id": "DEBIAN:DSA-3592-1:D95F9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00169.html", "title": "[SECURITY] [DSA 
3592-1] nginx security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:09", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0742", "CVE-2016-0746", "CVE-2016-0747", "CVE-2016-4450"], "description": "Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.\n\nThe following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).\n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. 
(CVE-2016-0747)", "modified": "2018-06-13T01:28:18", "published": "2016-07-14T08:53:33", "id": "RHSA-2016:1425", "href": "https://access.redhat.com/errata/RHSA-2016:1425", "type": "redhat", "title": "(RHSA-2016:1425) Moderate: rh-nginx18-nginx security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:04", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0746", "CVE-2016-0747", "CVE-2016-4450", "CVE-2013-3587", "CVE-2016-0742"], "description": "### Background\n\nnginx is a robust, small, and high performance HTTP and reverse proxy server. \n\n### Description\n\nMultiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition via a crafted packet. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll nginx users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/nginx-1.10.1\"", "edition": 1, "modified": "2016-06-17T00:00:00", "published": "2016-06-17T00:00:00", "id": "GLSA-201606-06", "href": "https://security.gentoo.org/glsa/201606-06", "type": "gentoo", "title": "nginx: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}