22 matches found
nginx Detection Consolidation
Consolidation of nginx detections. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it...
Debian Security Advisory DSA 3029-1 (nginx - security update)
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position. OpenVAS Vulnerability Test $Id: deb3029.nasl 6735...
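Nginx SPDY Buffer Overflow Vulnerability
CVE ID: CVE-2014-0133 Nginx is an HTTP and reverse proxy server, also used as a mail proxy server, written by Igor Sysoev. The nginx SPDY implementation contains a heap-based buffer overflow that allows an attacker to submit a specially crafted request to crash the application or execute arbitrary code. 0 nginx 1.3.15 nginx 1.5.x nginx 1.5.12, 1.4.7 versions have fixed this vulnerability; users are advised to download and use them: http://www.manageengine.com/products/opstor/...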
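Nginx proxy_pass Module Remote Security Vulnerability (CVE-2013-2070)
BUGTRAQ ID: 59824 CVE(CAN) ID: CVE-2013-2070 Nginx is an HTTP and reverse proxy server, also used as a mail proxy server, written by Igor Sysoev. The proxy_pass module in Nginx 1.1.4 has a remote buffer overflow security vulnerability. If the HTTP backend returns a specially crafted response, the proxy_pass module returns worker process memory to the client. An attacker can exploit this vulnerability to cause a denial of service and can also obtain sensitive information. 0 Igor Sysoev nginx 1.1.19 Igor Sysoev nginx 1.1.17 Igor Sysoev nginx 1.0.9 Igor Sysoev nginx 1.0.8...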
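nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
BUGTRAQ ID: 59496 nginx is an HTTP and reverse proxy server, also used as a mail proxy server, written by Igor Sysoev. nginx has a remote integer overflow vulnerability in its implementation: when r->count is less than 0 or greater than 255, an integer overflow error occurs in the Nginx ngx_http_close_connection function. By sending a malicious HTTP request, a remote attacker can exploit this vulnerability and may execute arbitrary code in the context of the application. 0 Igor Sysoev nginx 1.1.19 Igor Sysoev nginx 1.1.17 Igor Sysoev nginx 1.0.9 Igor Sysoev nginx 1.0.8 Igor Sysoev...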
nginx explosive integer overflow vulnerability - vulnerability warning - the black bar safety net
The Qihoo 360 security research team recently discovered a serious vulnerability in nginx. The vulnerability exists in the nginx ngx_http_close_connection function: an attacker can construct a malicious HTTP request in which r->count is less than 0 or greater than 255; the vulnerability could remotely execute arbitra...
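Nginx 'access.log' Insecure File Permissions Vulnerability
BUGTRAQ ID: 58105 CVE(CAN) ID: CVE-2013-0337 nginx is a very widely used high-performance web server. On Gentoo, /var/log/nginx is world-accessible and the log files in that directory are also world-readable, which can allow unauthorized users to read the log files. 0 Igor Sysoev nginx Vendor patch: Igor Sysoev ----------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://nginx.net/...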
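nginx Man-in-the-Middle Attack Vulnerability (CVE-2011-4968)
Bugtraq ID: 57139 CVE ID: CVE-2011-4968 nginx is a very widely used high-performance web server; it is not only often used as a reverse proxy but also supports running PHP very well. The HTTP proxy module included in nginx allows communication with the origin server over HTTPS, but does not correctly verify the origin server's identity, allowing an attacker to perform a man-in-the-middle attack between the proxy and the origin server. 0 Igor Sysoev nginx 0.8.40 Igor Sysoev nginx 0.8.36 Igor Sysoev nginx 0.8.35 Igor Sysoev nginx 0.8.33 Igor Sysoev nginx 0.7.66 Igor...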
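nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
BUGTRAQ ID: 52999 CVE ID: CVE-2012-2089 nginx is a very widely used high-performance web server. nginx has a buffer overflow vulnerability in its implementation of ngx_http_mp4_module; an attacker can exploit this vulnerability to execute arbitrary code. 0 nginx 1.1.17 nginx 1.0.9 nginx 1.0.8 nginx 1.0.14 Vendor patch: Igor Sysoev ----------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://nginx.net/...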
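nginx 'ngx_cpystrn()' Information Disclosure Vulnerability (CVE-2012-1180)
BUGTRAQ ID: 52578 CVE ID: CVE-2012-1180 nginx is a very widely used high-performance web server. nginx has an information disclosure vulnerability in its handling of malformed HTTP responses from upstream servers; an attacker can exploit this vulnerability to obtain sensitive information. 0 nginx 1.0.9 nginx 1.0.8 nginx 1.0.10 Vendor patch: Igor Sysoev ----------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://nginx.net/...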
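nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
Bugtraq ID: 50710 CVE ID: CVE-2011-4315 nginx is a very widely used high-performance web server; it is not only often used as a reverse proxy but also supports running PHP very well. When processing DNS responses, the "ngx_resolver_copy" function in ngx_resolver.c has a boundary error; a specially crafted DNS response can trigger a heap-based buffer overflow. The DNS resolver is generally used by the proxy and fastcgi modules and is not enabled by default. Igor Sysoev nginx 1.0.9 Igor Sysoev nginx 1.0.8 Igor Sysoev nginx 0.8.40 Igor Sysoev nginx 0.8.36 Igo...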
Nginx 0.7.65/0.8.39 (dev) - Source Disclosure Download
Nginx 0.7.65/0.8.39 (dev) - Source Disclosure Download TITLE: NGINX ENGINE X SERVER http://nginx.org/en/ ref-1 ======TESTED VERSIONS===== Unix versions are not vulnerable; it only affects the NTFS file system. Windows Stable versions: nginx/0.7.66 -- Not vulnerable nginx/0.7.65 -- Vulnerable nginx/0.7....
[SECURITY] Fedora 11 Update: nginx-0.7.64-1.fc11
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev...
[SECURITY] Fedora 10 Update: nginx-0.7.64-1.fc10
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev...
[SECURITY] Fedora 12 Update: nginx-0.7.64-1.fc12
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev...
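nginx ngx_http_process_request_headers() Function NULL Pointer Dereference Denial of Service Vulnerability
BUGTRAQ ID: 36839 CVE(CAN) ID: CVE-2009-3896 nginx is a multi-platform HTTP server and mail proxy server. The ngx_http_process_request_headers function in the src/http/ngx_http_parse.c file of the nginx server has a NULL pointer dereference error; a remote attacker can trigger this vulnerability with an overly long URI, causing the worker process to crash. Igor Sysoev nginx 0.8.x Igor Sysoev nginx 0.7.x Igor Sysoev nginx 0.6.x Igor Sysoev nginx 0.5.x Igor Sysoev nginx...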
nginx 0.7.61 Directory Traversal
Bug Title: nginx webdav copy/move method directory traversal Program: nginx Version: nginx/0.7.61 - other versions may also be affected Website: http://sysoev.ru/nginx/ Severity: Low Date discovered: 23 September 2009 The webdav component has to be enabled and the user has to have permission to u...
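nginx HTTP Request Remote Buffer Overflow Vulnerability
Bugtraq ID: 36384 CVE ID: CVE-2009-2629 nginx is a high-performance HTTP and reverse proxy server. nginx has a buffer overflow when processing specially crafted URIs; a remote attacker can exploit the vulnerability to execute arbitrary instructions as the application. When processing specially crafted URIs, the ngx_http_parse_complex_uri function has a buffer underflow error, which can cause the nginx server to write data from the URI into heap memory before the allocated buffer, and can lead to execution of arbitrary instructions with the privileges of the server process. Igor Sysoev nginx 0.8.14 Igor Sysoev nginx 0.7.61 Igor Sysoev nginx 0.6.38 Igor...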
[SECURITY] Fedora 10 Update: nginx-0.7.62-1.fc10
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev...
[SECURITY] Fedora 11 Update: nginx-0.7.62-1.fc11
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev...