6253 matches found
USN-4235-2 nginx vulnerability
USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this...
Exposed Endpoints
github.com/kubernetes/ingress-nginx uses publicly exposed endpoints. The prometheus metrics and healthz of the Kubernetes defaultbackend can be accessed by a remote attacker using a port-forward request to access the publicly accessible metrics...
Ubuntu 16.04 LTS / 18.04 LTS : nginx vulnerability (USN-4235-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4235-1 advisory. Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly...
openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2020-45)
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mounts over a /proc directory (bsc#1152308). Bug fixes: - Update to Docker...
Vulnerabilities fixed in Nginx
A malicious party could exploit the vulnerability to obtain system data. To exploit the vulnerability, the malicious party must make a specially prepared HTTP request. The developers of Nginx have made updates available to fix the vulnerability. You can download the updates fro...
nginx 0.7.12 < 1.17.7 HTTP Request Smuggling Vulnerability
nginx, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where nginx is being fronted by a load balancer. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be...
openSUSE: Security Advisory for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (openSUSE-SU-2020:0045-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Ubuntu: Security Advisory (USN-4235-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4235-1: nginx vulnerability
Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations...
USN-4235-1 nginx vulnerability
Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations...
CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. Mitigation: To mitigate this issue, use a named location instead ...
Freelancy 1.0.0 Remote Code Execution
Exploit Title: Freelancy - Freelance Management App v1.0.0 - RCE Authenticated Arbitrary File Download; Date: 03-01-2019; Exploit Author: Ismail Tasdelen; Vendor Homepage: https://vaaip.com/ ; Software Link: https://codecanyon.net/item/freelancy-freelance-project-management-application/25288636...
nginx 0.8.x < 0.8.33 / 0.7.x < 0.7.65 Windows Filename Pseudonyms (CORE-2010-0121)
According to its server response header, the installed version of nginx is 0.7.52 and prior to 0.7.65, or 0.8.x prior to 0.8.33. It is, therefore, affected by a flaw in Windows installations of nginx. This is due to nginx mishandling DOS-compatible 8.3 short filenames. An unauthenticated, remote...
HTTP Request Smuggling
github.com/kubernetes/ingress-nginx is vulnerable to HTTP request smuggling. The library does not use a named location for authSignURL, allowing a malicious user to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...
DEBIAN-CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...
CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...
CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...
ALPINE-CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...
Design/Logic Flaw
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...
CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...