Fedora 15 : nginx-1.0.14-1.fc15 (2012-4006)

Update to upstream release 1.0.14 to fix: malformed HTTP response headers leads to information leak. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Fedora Update for nginx FEDORA-2012-3991

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for nginx FEDORA-2012-4006

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for nginx FEDORA-2011-16075

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

[SECURITY] Fedora 15 Update: nginx-1.0.14-1.fc15

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

[SECURITY] Fedora 16 Update: nginx-1.0.14-1.fc16

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

nginx 'ngx_cpystrn()'信息泄露漏洞(CVE-2012-1180)

BUGTRAQ ID: 52578 CVE ID: CVE-2012-1180 nginx是一款使用非常广泛的高性能web服务器。 nginx在处理上游服务器的畸形HTTP响应的实现上存在信息泄露漏洞，攻击者可利用此漏洞获取敏感信息。 0 nginx 1.0.9 nginx 1.0.8 nginx 1.0.10 厂商补丁： Igor Sysoev ----------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://nginx.net/...

Mandriva Linux Security Advisory : nginx (MDVSA-2012:043)

A vulnerability has been found and corrected in nginx : Specially crafted backend response could result in sensitive information leak CVE-2012-1180. The updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

nginx: Multiple vulnerabilities

Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description Multiple vulnerabilities have been found in nginx: The TLS protocol does not properly handle session renegotiation requests CVE-2009-3555. The "ngxhttpprocessrequestheaders" function in...

Supernet CMS Blind SQL injection

Exploit for php platform in category web applications Exploit Title: Supernet CMS BlindSQLi Date: 22.03.2012 Google Dork/s: Greetz: Inj3ct0r 1337day Exploit DataBase 1337day.com allintext:"Vse pravice pridržane | © 2006 Supernet.si" site:.si allintext:"Vse pravice pridržane | © 2007 Supernet.si"...

[BSA-066] Security Update for nginx

I uploaded new packages for nginx which fixed the following security problems: DSA-2434-1 nginx -- sensitive information leak Matthew Daley discovered a memory disclosure vulnerability in nginx. In previous versions of this web server, an attacker can receive the content of previously freed memor...

nginx < 1.0.14 / 1.1.17 HTTP Header Response Memory Disclosure

The remote web server is running nginx, a lightweight, high performance web server / reverse proxy and email IMAP/POP3 proxy. According to its Server response header, the installed version of nginx is earlier than 1.0.14 or is 1.1.x before 1.1.17 and is, therefore, affected by a memory disclosure...

nginx < 1.0.10 ngx_resolver_copy Function DNS Response Parsing Buffer Overflow

The remote web server is running nginx, a lightweight, high performance web server / reverse proxy and email IMAP/POP3 proxy. According to its Server response header, the installed version of nginx is earlier than 1.0.10 and is, therefore, affected by a heap-based buffer overflow vulnerability. A...

Debian DSA-2434-1 : nginx - sensitive information leak

Matthew Daley discovered a memory disclosure vulnerability in nginx. In previous versions of this web server, an attacker can receive the content of previously freed memory if an upstream server returned a specially crafted HTTP response, potentially exposing sensitive information. %NASLMINLEVEL...

[SECURITY] [DSA 2434-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2434-1 [email protected] http://www.debian.org/security/ Luciano Bello March 19, 2012 http://www.debian.org/security/faq -...

DSA-2434-1 nginx - sensitive information leak

Bulletin has no description...

nginx fix for malformed HTTP responses from upstream servers

Hello, The nginx team has released stable version 1.0.14, and development version 1.1.17 of nginx web server, which include a fix for malformed HTTP responses from upstream servers: http://trac.nginx.org/nginx/changeset/4535/nginx http://trac.nginx.org/nginx/changeset/4531/nginx...

Nginx 1.0.x 标头解析内存泄露漏洞

nginx是一款使用非常广泛的高性能web服务器 nginx在解析服务器标头响应的实现上存在错误，可被远程攻击者利用泄露已经释放的内存 0 Nginx 1.0.x 厂商补丁： Nginx ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://nginx.net/...

FreeBSD : nginx -- potential information leak (29194cb8-6e9f-11e1-8376-f0def16c5c1b)

nginx development team reports : Matthew Daley recently discovered a security problem which may lead to a disclosure of previously freed memory on specially crafted response from an upstream server, potentially resulting in sensitive information leak. %NASLMINLEVEL 70300 C Tenable Network Securit...

nginx -- potential information leak

nginx development team reports: Matthew Daley recently discovered a security problem which may lead to a disclosure of previously freed memory on specially crafted response from an upstream server, potentially resulting in sensitive information leak...