6262 matches found
K000133251: Overview of F5 vulnerabilities (May 2023)
Security Advisory Description On May 3, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
K000133233: NGINX Management Suite vulnerability CVE-2023-28724
Security Advisory Description NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. CVE-2023-28724 Impact Incorrect permissions on certain files may cause a...
K000133417: NGINX Management Suite vulnerability CVE-2023-28656
Security Advisory Description NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. CVE-2023-28656 Impact This vulnerability may allow an authenticated attacker to bypass the authorization policy and read or modif...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in F5 NGINX
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of F5 NGINX. Vulnerability Details CVEID: CVE-2022-41743 DESCRIPTION: F5 NGINX products are vulnerable to a denial of service, caused by a flaw in the ngx_http_hls_module module. By using a...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This is a repository for Vulhub, a collection of vulnerable environments for testing and learning about web application security. The repository contains a variety of vulnerable environments, including web servers, databases, and applications, which can be used to test and demonstrate various typ...
The vulnerability in the Roxy-WI web interface for managing Haproxy, Nginx, Apache, and Keepalived allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Roxy-WI web interface for managing Haproxy, Nginx, Apache, and Keepalived is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
CVE-2020-19695 affecting package nginx for versions less than 1.22.1-5
CVE-2020-19695 affecting package nginx for versions less than 1.22.1-5. A patched version of the package is available...
Path traversal
hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...
CVE-2023-29004 Path Traversal Vulnerability in hap-wi/roxy-wi
hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...
CVE-2023-29004
CVE-2023-29004 affects hap-wi/roxy-wi (Roxy-WI) web interface. Versions around 6.3.9.0 and earlier are vulnerable. The flaw is a path traversal in the /app/modules/config/config.py get_config function, which only checks for relative traversals yet allows reading files from absolute paths supplied...
Roxy-WI path traversal vulnerability
Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A path traversal vulnerability exists in Roxy-WI version 6.3.9.0 and earlier, which stems from the presence of a path traversal vulnerability that can be exploited by an attacker to gain access to the...
PT-2023-2758 · Nginx · Nginx Instance Manager +3
Name of the Vulnerable Software and Affected Versions: NGINX Management Suite affected versions not specified NGINX Instance Manager affected versions not specified NGINX API Connectivity Manager affected versions not specified NGINX Security Monitoring affected versions not specified Description...
PT-2023-2757 · Nginx · Nginx Instance Manager +3
Name of the Vulnerable Software and Affected Versions: NGINX Management Suite affected versions not specified NGINX Instance Manager affected versions not specified NGINX API Connectivity Manager affected versions not specified NGINX Security Monitoring affected versions not specified Description...
Anarchy in the UK? Not Quite: A look at the cyber health of the FTSE 350
The attack surface of the United Kingdom's 350 largest publicly traded companies has—drum roll, please—improved. But it could be better. Those are the high level findings of the latest in Rapid7's looks at the cybersecurity health of companies tied to some of the globe's largest stock indices. Th...
The vulnerability of the Nginx Proxy Manager, a proxy server for managing hosts, arises from its lack of data cleansing measures at the management level. This allows attackers to execute arbitrary code.
The vulnerability of the Nginx Proxy Manager, a proxy server for managing hosts, is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the nginx reverse proxy server configuration of the Cisco Finesse automation software allows a hacker to induce a service failure.
The vulnerability of the nginx reverse proxy server configuration of the Cisco Finesse automation software involves an incorrect authentication process. Exploiting this vulnerability allows a malicious actor to cause service failures...
Buffer Overflow vulnerability found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.
...
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.
...
The vulnerability of the NGINX Agent and the NGINX Instance Manager automation platform, related to insufficient protection of registration data, allows a perpetrator to gain access to secret keys.
The vulnerability of the NGINX Agent and the NGINX Instance Manager automation platform is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to gain access to secret keys...