Lucene search

UbuntuUSN-3812-1

HistoryNov 07, 2018 - 12:00 a.m.

nginx vulnerabilities

2018-11-0700:00:00

ubuntu.com

1138

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.097 Low

EPSS

Percentile

94.7%

JSON

Releases

Ubuntu 18.10
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Packages

nginx - small, powerful, scalable web/proxy server

Details

It was discovered that nginx incorrectly handled the HTTP/2 implementation.
A remote attacker could possibly use this issue to cause excessive memory
consumption, leading to a denial of service. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)

Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to cause
excessive CPU usage, leading to a denial of service. This issue only
affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-16844)

It was discovered that nginx incorrectly handled the ngx_http_mp4_module
module. A remote attacker could possibly use this issue with a specially
crafted mp4 file to cause nginx to crash, stop responding, or access
arbitrary memory. (CVE-2018-16845)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.10noarchnginx-common< 1.15.5-0ubuntu2.1UNKNOWN
Ubuntu18.10noarchlibnginx-mod-http-auth-pam< 1.15.5-0ubuntu2.1UNKNOWN
Ubuntu18.10noarchlibnginx-mod-http-auth-pam-dbgsym< 1.15.5-0ubuntu2.1UNKNOWN
Ubuntu18.10noarchlibnginx-mod-http-cache-purge< 1.15.5-0ubuntu2.1UNKNOWN
Ubuntu18.10noarchlibnginx-mod-http-cache-purge-dbgsym< 1.15.5-0ubuntu2.1UNKNOWN
Ubuntu18.10noarchlibnginx-mod-http-dav-ext< 1.15.5-0ubuntu2.1UNKNOWN
Ubuntu18.10noarchlibnginx-mod-http-dav-ext-dbgsym< 1.15.5-0ubuntu2.1UNKNOWN
Ubuntu18.10noarchlibnginx-mod-http-echo< 1.15.5-0ubuntu2.1UNKNOWN
Ubuntu18.10noarchlibnginx-mod-http-echo-dbgsym< 1.15.5-0ubuntu2.1UNKNOWN
Ubuntu18.10noarchlibnginx-mod-http-fancyindex< 1.15.5-0ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	18.10	noarch	nginx-common	< 1.15.5-0ubuntu2.1	UNKNOWN
Ubuntu	18.10	noarch	libnginx-mod-http-auth-pam	< 1.15.5-0ubuntu2.1	UNKNOWN
Ubuntu	18.10	noarch	libnginx-mod-http-auth-pam-dbgsym	< 1.15.5-0ubuntu2.1	UNKNOWN
Ubuntu	18.10	noarch	libnginx-mod-http-cache-purge	< 1.15.5-0ubuntu2.1	UNKNOWN
Ubuntu	18.10	noarch	libnginx-mod-http-cache-purge-dbgsym	< 1.15.5-0ubuntu2.1	UNKNOWN
Ubuntu	18.10	noarch	libnginx-mod-http-dav-ext	< 1.15.5-0ubuntu2.1	UNKNOWN
Ubuntu	18.10	noarch	libnginx-mod-http-dav-ext-dbgsym	< 1.15.5-0ubuntu2.1	UNKNOWN
Ubuntu	18.10	noarch	libnginx-mod-http-echo	< 1.15.5-0ubuntu2.1	UNKNOWN
Ubuntu	18.10	noarch	libnginx-mod-http-echo-dbgsym	< 1.15.5-0ubuntu2.1	UNKNOWN
Ubuntu	18.10	noarch	libnginx-mod-http-fancyindex	< 1.15.5-0ubuntu2.1	UNKNOWN