[SECURITY] Fedora 19 Update: nginx-1.4.4-1.fc19

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

Nginx Blank Null Byte 代码执行漏洞

No description provided by source...

Fedora 19 : nginx-1.4.4-1.fc19 (2013-21826)

Update to the latest version - Upstream changelog can be found at http://nginx.org/en/CHANGES-1.4 - Security fix BZ 1032267 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...

Important: nginx

Issue Overview: nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Affected Packages: nginx Issue Correction: Run yum update nginx or yum update --advisory ALAS-2013-249 to update your system. New...

nginx < 1.4.4 / 1.5.7 ngx_parse_http Security Bypass

According to the self-reported version in the Server response header, the installed version of nginx is greater than 0.8.41 but prior to 1.4.4 / 1.5.7. It is, therefore, affected by a security bypass vulnerability in 'ngxhttpparse.c' when a file with a space at the end of the URI is requested...

nginx protection bypass

It's possible to bypass restrictions with "poisoned NUL bute"...

[SECURITY] [DSA 2802-1] nginx security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2802-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq -...

Debian DSA-2802-1 : nginx - restriction bypass

Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request. The oldstable distribution squeeze is not affected by this problem. %NASLMINLEVEL 70300 C Tenable Network Security,...

Mandriva Linux Security Advisory : nginx (MDVSA-2013:281)

Updated nginx package fixes security vulnerability : Ivan Fratric of the Google Security Team discovered a bug in nginx, which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request, or might have potential other impact CVE-2013-4547...

CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI...

DEBIAN-CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI...

CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI...

CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI...

Design/Logic Flaw

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI...

CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI...

CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI...

CVE-2013-4547

CVE-2013-4547 affects nginx versions 0.8.41–1.4.3 and 1.5.x prior to 1.5.7. Root cause: an unescaped space character in a URI can bypass intended restrictions, enabling remote bypass of access controls as described in the entry. Impact: restriction bypass is possible; exploitation and mitigation ...

MGASA-2013-0349 Updated nginx packages fix CVE-2013-4547

Updated nginx package fixes security vulnerability: Ivan Fratric of the Google Security Team discovered a bug in nginx, which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request, or might have potential other impact CVE-2013-4547...

Updated nginx packages fix CVE-2013-4547

Updated nginx package fixes security vulnerability: Ivan Fratric of the Google Security Team discovered a bug in nginx, which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request, or might have potential other impact CVE-2013-4547...

Debian Patches Flaws in Nginx, Perl Module

Debian has released patches for a pair of security vulnerabilities in the free operating system, including a security bypass flaw in the Nginx Web server. The other vulnerability lies in a Perl module used in the OS. The vulnerability in the HTTP: :Body Perl module could allow an attacker to run...