Symantec Security Response, SMNTC-1760
May 06, 2020 - 6:48 p.m.

Nginx Vulnerabilities Jul 2017 - Oct 2019


CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C

Summary

Symantec SWG products using affected versions of Nginx may be susceptible to multiple Nginx vulnerabilities. A remote attacker can use crafted requests to obtain sensitive information or cause denial of service. An attacker can also obtain sensitive information or cause denial of service by triggering Nginx to stream crafted MP4 files.


Affected Product(s)

Content Analysis (CA)

CVE | Supported Version(s) | Remediation
CVE-2017-7529 | 2.3 | Upgrade to later release with fixes.
CVE-2017-7529 | 2.4 | Not available at this time
CVE-2017-7529 | 3.0 | Not vulnerable, fixed in 3.0.1.1

SSL Visibility (SSLV)

CVE | Supported Version(s) | Remediation
CVE-2017-7529 | 3.10, 3.12 | Upgrade to later release with fixes.
CVE-2017-7529 | 4.5 and later | Not vulnerable, fixed in 4.5.1.1

Additional Product Information

The following products are not vulnerable:
Advanced Secure Gateway (ASG)
AuthConnector
BCAAA
CacheFlow (CF)
Director
General Auth Connector Login Application
HSM Agent for the Luna SP
Management Center (MC)
PacketShaper (PS) S-Series
PolicyCenter (PC) S-Series
ProxySG
Reporter
Security Analytics (SA)
Symantec Messaging Gateway (SMG)
Unified Agent
Web Isolation (WI)
WSS Agent
WSS Mobile Agent
X-Series XOS

Issue Details

CVE-2017-7529

Severity / CVSS v3.0: | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
References: | NVD: CVE-2017-7529
Impact: | Information disclosure
Description: | An integer overflow in the range filter module allows a remote attacker to send crafted requests and obtain sensitive information from the target process memory.

CVE-2018-16843

Severity / CVSS v3.0: | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
References: | NVD: CVE-2018-16843
Impact: | Denial of service
Description: | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive memory consumption.

CVE-2018-16844

Severity / CVSS v3.0: | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
References: | NVD: CVE-2018-16844
Impact: | Denial of service
Description: | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive CPU consumption.

CVE-2018-16845

Severity / CVSS v3.0: | Medium / 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)
References: | NVD: CVE-2018-16845
Impact: | Information disclosure, denial of service
Description: | A flaw in the ngx_http_mp4_module allows an attacker to use a crafted MP4 file to obtain sensitive information from the target process memory. The attacker can also cause denial of service through an infinite loop. The attacker needs to trigger nginx to process/stream the crafted MP4 file.

CVE-2019-9511

Severity / CVSS v3.0: | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
References: | NVD: CVE-2019-9511
Impact: | Denial of service
Description: | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive CPU or memory consumption.

CVE-2019-9513

Severity / CVSS v3.0: | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
References: | NVD: CVE-2019-9513
Impact: | Denial of service
Description: | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive CPU consumption.

CVE-2019-9516

Severity / CVSS v3.0: | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
References: | NVD: CVE-2019-9516
Impact: | Denial of service
Description: | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive memory consumption.

Revisions

2021-04-26 PacketShaper (PS) S-Series and PolicyCenter (PC) S-Series are not vulnerable.
2021-02-18 A fix for CA 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2021-01-12 A fix for SSLV 3.10 and SSLV 3.12 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-05-06 Initial public release.
