5 matches found
CVE-2018-16843
CVE-2018-16843 affects nginx before 1.15.6 and 1.14.1, where HTTP/2 implementation vulnerabilities in ngx_http_v2_module (if http2 is enabled) can cause excessive memory usage. Connected advisories also reference related CVEs (16844/16845) and show multiple distributions (Debian, Fedora/Red Hat, ...
CVE-2019-20372
NGINX (on Amazon Linux 2) is affected by CVE-2019-20372 when configured with certain error_page settings, enabling HTTP request smuggling. The Amazon Linux 2 ALAS advisory ALAS2NGINX1-2023-004 confirms vulnerable 1.17.x/older configurations and provides patched packages: nginx 1.18.0 and related ...
CVE-2021-3618
ALPACA (CVE-2021-3618) is an application-layer protocol content confusion attack affecting multiple assets (e.g., nginx, vsftpd, sendmail) where TLS servers configured for different protocols with compatible certificates can allow a MITM attacker to redirect subdomain traffic to another, potentia...
CVE-2017-20005
CVE-2017-20005 affects NGINX before 1.13.6. It is a buffer overflow in the autoindex module triggered by modification dates with years exceeding four digits (e.g., 1969 or far-future dates), caused by integer overflow. The CVSSv3.1 vector and score indicate CRITICAL severity. Remediation per sour...
CVE-2010-4180
OpenSSL vulnerability CVE-2010-4180 affects OpenSSL versions before 0.9.8q and 1.0.x before 1.0.0c when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. The flaw allows remote attackers to modify the ciphersuite in the session cache, enabling a downgrade to an unintended cipher by sniffing net...