Nginx 1.3.9 1.4.0 - Denial of Service (PoC)

Nginx 1.3.9 1.4.0 - Denial of Service PoC Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2028 Google Dork: CVE-2013-2028 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link:...

nginx 'ngx_http_parse.c'栈缓冲区溢出漏洞

BUGTRAQ ID: 59699 CVECAN ID: CVE-2013-2028 nginx是HTTP及反向代理服务器，同时也用作邮件代理服务器。 nginx 1.3.9 - 1.4.0在解析HTTP块时，"ngxhttpparsechunked"函数 http/ngxhttpparse.c中存在错误，可被利用造成栈缓冲区溢出。 0 Nginx 1.3.9 - 1.4.0 临时解决方法： 建议您升级到nginx 1.4.1或者是1.5.0。但如果您不能立刻安装补丁或者升级，您可以采取以下措施以降低威胁： 在每个server块中使用如下配置 if $httptransferencodi...

Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC)

Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2028 Google Dork: CVE-2013-2028 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link: http://nginx.org/download/nginx-1.4.0.tar.gz Version:...

nginx 1.3.9-1.4.0 DoS PoC

No description provided by source. !/usr/bin/env python Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2070 Google Dork: CVE-2013-2070 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link:...

Medium: nginx

Issue Overview: http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy...

Fedora 19 : nginx-1.4.1-1.fc19 (2013-7560)

Update to upstream release 1.4.1 which fixes : - CVE-2013-2028: Stack-based buffer overflow when handling certain chunked transfer encoding requests Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted t...

[SECURITY] Fedora 19 Update: nginx-1.4.1-1.fc19

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

nginx < 1.4.1 / 1.5.0 Multiple Vulnerabilities

Binary data 6795.prm...

FreeBSD : nginx -- multiple vulnerabilities (efaa4071-b700-11e2-b1b9-f0def16c5c1b)

The nginx project reports : A stack-based buffer overflow might occur in a worker process process while handling a specially crafted request, potentially resulting in arbitrary code execution. CVE-2013-2028 A security problem related to CVE-2013-2028 was identified, affecting some previous nginx...

Security fix for the ALT Linux 9 package nginx version 1.4.1-alt1

May 7, 2013 Denis Smirnov 1.4.1-alt1 - 1.4.1 - CVE-2013-2028...

nginx -- multiple vulnerabilities

The nginx project reports: A stack-based buffer overflow might occur in a worker process process while handling a specially crafted request, potentially resulting in arbitrary code execution. CVE-2013-2028 A security problem related to CVE-2013-2028 was identified, affecting some previous nginx...

nginx integer overflow

Integer overflow leads to code execution...

Re: Nginx ngx_http_close_connection function integer overflow

Hello, On Thu, 25 Apr 2013, 06:52-0000, [email protected] wrote: ... II. DESCRIPTION --------------------- Qihoo 360 Web Security Research Team discovered a critical vulnerability in nginx. The vulnerability is caused by a int overflow error within the Nginx ngxhttpcloseconnection function when...

nginx 'ngx_http_close_connection()'远程整数溢出漏洞

BUGTRAQ ID: 59496 nginx是HTTP及反向代理服务器，同时也用作邮件代理服务器，由Igor Sysoev编写。 nginx在实现上存在远程整数溢出漏洞，当 r-count 小于0或大于255时，Nginx ngxhttpcloseconnection函数会存在整数溢出错误，远程攻击者通过恶意http请求利用此漏洞，可能在应用上下文中执行任意代码。 0 Igor Sysoev nginx 1.1.19 Igor Sysoev nginx 1.1.17 Igor Sysoev nginx 1.0.9 Igor Sysoev nginx 1.0.8 Igor Sysoev...

Nginx ngx_http_close_connection function integer overflow

Website: http://safe3.com.cn I. BACKGROUND --------------------- Nginx is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VKontakte, and Rambler. Accordin...

nginx Integer Overflow Vulnerability

Qihoo 360 Web Security Research Team discovered a critical vulnerability in nginx. The vulnerability is caused by a integer overflow error within the Nginx ngxhttpcloseconnection function when r-count is less then 0 or more then 255, which could be exploited by remote attackers to compromise a...

nginx explosive integer overflow vulnerability-vulnerability warning-the black bar safety net

Qihoo 3 6 0 security research team recently discovered nginx a serious vulnerability, the vulnerability exists in nginx ngxhttpcloseconnection function, the attacker can construct r-count is less than 0 or greater than 2 5 5 malicious HTTP request, the vulnerability could remotely execute arbitra...

nginx Arbitrary Code Execution Vulnerability (Aug 2011)

nginx is prone to an arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...

nginx 0.6.x Arbitrary Code Execution NullByte Injection Vulnerability

Exploit for multiple platform in category web applications Exploit Title: nginx Arbitrary Code Execution NullByte Injection Date: 24/08/2011 Exploit Author: Neal Poole Vendor Homepage: http://nginx.org/ Software Link: https://launchpad.net/nginx/0.6/0.6.36/+download/nginx-0.6.36.tar.gz Version:...

nginx 0.6.x Arbitrary Code Execution NullByte Injection

No description provided by source. Exploit Title: nginx Arbitrary Code Execution NullByte Injection Date: 24/08/2011 Exploit Author: Neal Poole Vendor Homepage: http://nginx.org/ Software Link: https://launchpad.net/nginx/0.6/0.6.36/+download/nginx-0.6.36.tar.gz Version: 0.5., 0.6., 0.7 = 0.7.65,...