14 matches found
Mageia: Security Advisory (MGASA-2014-0136)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
IRCCloud: Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE
Summary ======== During my reconnaissance for your bug bounty program, I discovered an instance of nginx version 1.4.6 running at the IP address https://54.153.101.52. To locate it, I search for IRCCloud-related certificated and found the self-signed certificate for this server...
Amazon Linux: Security Advisory (ALAS-2014-308)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : nginx (openSUSE-SU-2014:0450-1)
nginx was updated to 1.4.7 to fix bugs and security issues. Fixed security issues : - CVE-2014-0133: nginx:heap-based buffer overflow in SPDY implementation New upstream release 1.4.7 bnc869076 CVE-2014-0133 Security: a heap memory buffer overflow might occur in a worker process while handling a...
Nginx SPDY缓冲区溢出漏洞
CVE ID:CVE-2014-0133 Nginx是HTTP及反向代理服务器,同时也用作邮件代理服务器,由Igor Sysoev编写。 nginx SPDY实现存在基于堆的缓冲区溢出,允许攻击者利用漏洞提交特殊的请求使应用程序崩溃或执行任意代码。 0 nginx 1.3.15 nginx 1.5.x nginx 1.5.12, 1.4.7版本已修复该漏洞,建议用户下载使用: http://www.manageengine.com/products/opstor/...
CVE-2014-0133
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...
SPDY heap buffer overflow
SPDY heap buffer overflow Severity: major CVE-2014-0133 Not vulnerable: 1.5.12+, 1.4.7+ Vulnerable: 1.3.15-1.5.11...
CVE-2014-0133
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...
Amazon Linux AMI : nginx (ALAS-2014-308)
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon...
Internet Bug Bounty: SPDY heap buffer overflow
A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem affects nginx 1.3.15 -...
FreeBSD : nginx -- SPDY heap buffer overflow (fc28df92-b233-11e3-99ca-f0def16c5c1b)
The nginx project reports : A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...
Important: nginx
Issue Overview: Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. Affected Packages: nginx Issue Correction: Run yum update nginx or yum update --advisory ALAS-2014-30...
Updated nginx package fixes security vulnerability
A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133...
nginx -- SPDY heap buffer overflow
The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...