Important: Red Hat Security Advisory: rh-nginx112-nginx security update
An update for rh-nginx112-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
nginx: Excessive memory consumption via flaw in HTTP/2 implementation
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...
nginx: Denial of service and memory disclosure via mp4 module
An instance of missing input sanitization was found in the mp4 module for nginx. A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service (server crash or hang) and, possibly, information disclosure...
Important: Red Hat Security Advisory: rh-nginx110-nginx security update
An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
nginx: Denial of service and memory disclosure via mp4 module
An instance of missing input sanitization was found in the mp4 module for nginx. A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service (server crash or hang) and, possibly, information disclosure...
Important: Red Hat Security Advisory: rh-nginx18-nginx security update
An update for rh-nginx18-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
[SECURITY] Fedora 29 Update: nginx-1.14.1-2.fc29
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
Endpoint for Out-of-Band Exfiltration: Arecibo
In the process of identifying and exploiting vulnerabilities, it is sometimes necessary to resort to Out of Band (OOB) techniques in order to exfiltrate information through DNS resolutions or HTTP requests. To address this kind of situation the faster and simpler solution can be the use of a Burp...
Red Team’s SIEM: RedELK
Red Team’s SIEM – easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability for the Red Team in long term operations. When performing multi-month, multi-C2teamserver and multi-scenario red team operations, you are working with an...
FormAssembly: xmlrpc.php file is enable it will used for (DOS) and bruteforce attack
Wordpress that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DDOS. The website https://www.formassembly.com/ has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. In order ...
HackerOne: Corrupted Authorization header can cause logs not to be ingested properly in ████████
HackerOne ingests different logs in ██████, one of them being nginx access logs from our load balancers. The default log format of our load balancer configuration is shown below. As can be seen in the format, the HTTP user specified in the Authorization header ($remote_user) is placed between the...
Updated nginx package fixes security vulnerabilities
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption (CVE-2018-16843). nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage...
MGASA-2018-0459 Updated nginx package fixes security vulnerabilities
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption (CVE-2018-16843). nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage...
Mail.ru: [o2.mail.ru] nginx alias traversal
Invalid nginx configuration allowed limited path traversal in o2.mail.ru...
nginx 1.x < 1.14.1 / 1.15.x < 1.15.6 Multiple Vulnerabilities
According to its Server response header, the installed version of nginx is 1.x prior to 1.14.1 or 1.15.x prior to 1.15.6. It is, therefore, affected by the following issues: - An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive memory usage. (CVE-2018-16843) -...
nginx 1.1.3 - 1.15.5 Denial of Service and Memory Disclosure via mp4 module
A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. SPDX-FileCopyrightText: 2018 Greenbone AG Som...
nginx 1.9.5 < 1.14.1, 1.15.x < 1.15.6 Multiple Vulnerabilities
Two security issues were identified in the nginx HTTP/2 implementation, which might cause excessive memory consumption and CPU usage. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
Debian DSA-4335-1 : nginx - security update
Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could result in denial of service in processing HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in the ngx_http_mp4_module module (used for server-side MP4 streaming). (C) Tenable...
Debian DLA-1572-1 : nginx security update
It was discovered that there was a denial of service (DoS) vulnerability in the nginx web/proxy server. As there was no validation for the size of a 64-bit atom in an MP4 file, this could have led to a CPU hog when the size was 0, or various other problems due to integer underflow when the...
[SECURITY] [DSA 4335-1] nginx security update
Debian Security Advisory DSA-4335-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 08, 2018 https://www.debian.org/security/faq -...