9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.871 High
EPSS
Percentile
98.3%
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash. (CVE-2016-4450)
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746)
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. (CVE-2016-0747)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | rh-nginx18-nginx-debuginfo | < 1.8.1-1.el6 | rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm |
RedHat | 7 | x86_64 | rh-nginx18-nginx | < 1.8.1-1.el7 | rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm |
RedHat | 7 | x86_64 | rh-nginx18-nginx-debuginfo | < 1.8.1-1.el7 | rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm |
RedHat | 6 | x86_64 | rh-nginx18-nginx | < 1.8.1-1.el6 | rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm |
RedHat | 7 | src | rh-nginx18-nginx | < 1.8.1-1.el7 | rh-nginx18-nginx-1.8.1-1.el7.src.rpm |
RedHat | 6 | src | rh-nginx18-nginx | < 1.8.1-1.el6 | rh-nginx18-nginx-1.8.1-1.el6.src.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.871 High
EPSS
Percentile
98.3%