GHSA-85RF-XH54-WHP3 Malicious URL drafting attack against iodines static file server may allow path traversal

Impact A path traversal vulnerability was detected in iodine's static file service. This vulnerability effects any application running iodine's static file server on an effected iodine version. Malicious URL drafting may cause the static file server to attempt a response containing data from file...

PT-2019-19979 · Iodine · Iodine

Name of the Vulnerable Software and Affected Versions: Iodine versions less than 0.7.33 Description: A path traversal issue in the static file service allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs. This can be achieved by drafting malicious...

Malicious URL drafting attack against iodines static file server may allow path traversal

Impact A path traversal vulnerability was detected in iodine's static file service. This vulnerability effects any application running iodine's static file server on an effected iodine version. Malicious URL drafting may cause the static file server to attempt a response containing data from file...

openSUSE: Security Advisory for nginx (openSUSE-SU-2019:2264-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : nginx (openSUSE-2019-2264) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

This update for nginx fixes the following issues : Security issues fixed : - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a deni...

SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2559-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

This update for nginx fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. CVE-2019-9516: Fixed a denial of...

OPENSUSE-SU-2019:2264-1 Security update for nginx

This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a denial...

Security update for nginx (moderate)

openSUSE Security Update: Security update for nginx Announcement ID: openSUSE-SU-2019:2264-1 Rating: moderate References: 1145579 1145580 1145582 Cross-References: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities is now...

DNS Rebinding Tool - DNS Rebind Tool With Custom Scripts

Inspired by @tavisio This project is meant to be an All-in-one Toolkit to test further DNS rebinding attacks and my take on understanding these kind of attacks. It consists of a web server and pseudo DNS server that only responds to A queries. The root index of the web server allowes to configure...

CVE-2009-3896

src/http/ngxhttpparse.c in nginx aka Engine X 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service NULL pointer dereference and worker process crash via a long URI...

SUSE-SU-2019:2559-1 Security update for nginx

This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a denial...

Amazon Linux AMI : nginx (ALAS-2019-1299) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

EulerOS 2.0 SP8 : nginx (EulerOS-SA-2019-2084)

According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This...

Important: nginx

Issue Overview: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and...

Exploit for Out-of-bounds Write in Php

PHuiP-FPizdaM What's this This is an exploit for a bug in...

Oracle Linux 8 : nginx:1.14 (ELSA-2019-2799)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2799 advisory. - Resolves: 1744811 - CVE-2019-9511 nginx:1.14/nginx: HTTP/2: large amount of data request leads to denial of service - Resolves: 1744325 - CVE-2019-95...

RHEL 8 : nginx:1.14 (RHSA-2019:2799)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2799 advisory. Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 Post Office Protocol 3 and IMAP protocols, with a focus on high...

Important: Red Hat Security Advisory: nginx:1.14 security update

An update for the nginx:1.14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

nginx:1.14 security update

1:1.14.1-9.0.1 - Remove Red Hat references Orabug: 29498217 1:1.14.1-9 - Resolves: 1744811 - CVE-2019-9511 nginx:1.14/nginx: HTTP/2: large amount of data request leads to denial of service - Resolves: 1744325 - CVE-2019-9513 nginx:1.14/nginx: HTTP/2: flood using PRIORITY frames resulting in...

Important: Red Hat Security Advisory: rh-nginx114-nginx security update

An update for rh-nginx114-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...