Moderate: nginx:1.22 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the securi...
ALSA-2023:6120 Moderate: nginx:1.22 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the securi...
CLSA-2023-1698101447 nginx: Fix of CVE-2023-44487
CVE-2023-44487: HTTP/2 - per-iteration stream handling limit...
nginx: Fix of CVE-2023-44487
CVE-2023-44487: HTTP/2 - per-iteration stream handling limit...
BIT-2023-44388
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to...
Exploit for Off-by-one Error in F5 Nginx
CVE-2021-23017 CVE-2021-23017-PoC python3 poc.py --ta...
The vulnerability of the Nginx module NAXSI, related to the violation of data protection mechanisms, allows attackers to circumvent existing security restrictions.
The vulnerability of the Nginx module NAXSI is related to a flaw in the data protection mechanism. Exploiting this vulnerability allows an attacker, operating remotely, to circumvent existing security restrictions...
CLSA-2023-1697817547 nginx: Fix of CVE-2023-44487
CVE-2023-44487: HTTP/2 - per-iteration stream handling limit...
Ubuntu 16.04 ESM : Phusion Passenger vulnerabilities (USN-5261-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5261-1 advisory. It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to rea...
Important Photon OS Security Update - PHSA-2023-3.0-0672
Updates of 'binutils', 'nginx' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2023-5.0-0123
Updates of 'nginx' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2023-4.0-0495
Updates of 'nginx' packages of Photon OS have been released...
Amazon Linux AMI : nginx (ALAS-2023-1870)
The version of nginx installed on the remote host is prior to 1.18.0-1.45. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1870 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-393)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-393 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
Amazon Linux 2 : nginx (ALASNGINX1-2023-006)
The version of nginx installed on the remote host is prior to 1.22.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2023-006 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams...
GHSA-9WMC-RG4H-28WV github.com/kumahq/kuma affected by CVE-2023-44487
Impact: Envoy and Go HTTP/2 protocol stack is vulnerable to the "Rapid Reset" class of exploits, which send a sequence of HEADERS frames optionally followed by RST_STREAM frames. This can be exercised if you use the builtin gateway and receive untrusted http2 traffic. Patches...
nginx security update
1:1.20.1-14.0.1.1 - Resolves: RHEL-12518 - nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)...
Important: nginx
Issue Overview: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487) Affected Packages: nginx Issue Correction: Run yum update nginx or yum...
Oracle Linux 9 : nginx (ELSA-2023-5711)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5711 advisory. 1:1.20.1-14.0.1.1 - Resolves: RHEL-12518 - nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)...
Oracle Linux 8 : nginx:1.22 (ELSA-2023-5713)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5713 advisory. 1:1.22.1-1.0.1.1 - Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset...