Search criteria
130 vulnerabilities found for NGINX by F5
VAR-201908-0421
Vulnerability from variot - Updated: 2025-12-22 23:25Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service.
For the stable distribution (buster), these problems have been fixed in version 10.19.0~dfsg1-1.
We recommend that you upgrade your nodejs packages.
For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6p6wwACgkQEMKTtsN8 TjYz/RAAl2mPQItVPZ7+gHf42+k3BfjOu2vgGgUNyamYKokGKD+R/GgGZhMKTdm1 EFBWZCSiEwy+vQD9+kcNCmWxZjmor0lVudgEZUt8IMTEHXirmbv5Qx539ULTKwuj TFva/I6q5umL37o0iQzEMWomsKD1gZ5yjXbZdO6ubtkiqc9c9WJUBdI3lNsmy8Wm 2MgHKFfwz2H6OR7ZLCWjIiVd/FmvuKTMR80vc8CjyHMP+JeuOoG3WXhBTjqEdWqr yYHNahMfHam4b22NX07ngoiy9joEu0Ti6HPWRk4vI2KelocAJDB+J7QZ0DuPyguI 6nB3Xj74gX4V2ps+N0LFOvtlj9pk2YUQW8klrND38i8LZQKRhHRtKuLSeql7QElt ja+6eDmuSRIlcsS/Yyxfyb9c8571hxIrw/wrg8/d2k29UdX0rqsAlQ8RC73gHfD0 eQpMJDLmKf83PHIMZCcb2THtGzeV0rTI2nOVMJ6ULCeIXVTOlXM7HKFLV8c56V2j oRy7PXu3FOuiDyKc2GKRftap9FSQLCD9AtSKO4iNT6Kx47CtiLWpUMDUv5h57Foy kyqhEiNjTK8UZH/+8prytQeH2pJ1iAq9j7ePtiyOsoI6vN2IOgP7xTyQ1QDkaKzb xKVacLkhBzO+drODEBaNlZdt2k6OewO5TR9d6oCmQT5ZLhuJ8Ak= =I2bH -----END PGP SIGNATURE----- . Bugs fixed (https://bugzilla.redhat.com/):
1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates 1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation 1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass 1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources. 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db. 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - GSS Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - GSS Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - GSS Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - GSS Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - GSS Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - GSS Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - GSS Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - GSS Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - GSS Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - GSS Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - GSS Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8 JBEAP-17631 - GSS Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - GSS Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - GSS Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - GSS Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: httpd24-httpd and httpd24-nghttp2 security update Advisory ID: RHSA-2019:2949-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2949 Issue date: 2019-10-01 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9517 ==================================================================== 1. Summary:
An update for httpd24-httpd and httpd24-nghttp2 is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
-
HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm
x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm
x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
aarch64: httpd24-httpd-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
aarch64: httpd24-httpd-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXZM+I9zjgjWX9erEAQhZww/+KbkqyDmqC5wyM0PG3/ZbsAg8Odywrvl7 P6oFYg8/Dsb5Tdrf6kZgHb6TFPYRqdptH5WTmLVedjvkvYgOeseVyzUCcjUgxP3S GjH1rGHQosMyRG82dyB3nexUnjJsDPQZ7kAnT3QS7WwzluY+jzBmQb54nEyfOK+2 Cm7MQbRJGS9igNGWlrbJpWA1caZkLDWpXxBNwmf1lh6LR/xOlbbEn3OnU4VFnIeI dbqAOP8DXSMvTFDvUuqZTJw2IjnWAYm2CJ3hi/BdRiAbsRtiIjFrQ3A3EaObt3ip P+FEXawj7/NzwMEFZu5Los+bJBH21Gdr44d0iS1FQYYC41rz0g1KVHizFVkFT2Hh m2YI65XlEd393dQMCtfrZIArZt87dBkU4JCBvKPYQ9+cF3PMR5ZzHSI2iSJ67iZM TWxkZv5mrI7DXZooOMfrW7aX8eyKk9PZy/iU24Iu8rJ4d9WZto9oDXZb4RwrurfV 2HB7wOpDz3duWsCJojE8lbpWJ8PswajfaruJq/jX7Za++v7F7GyTbSOgsAQAfDY2 XUTGiYzbrZmaIKaP3REWwTn+xTJBh8mqvUA2E+KvZzSn8fBEry8GIUsIKmxxzsz2 uqDSPyZ4Q5UO1nwLXpghkz/S1/JJztzbpLn1BJuISsTmR12R5a2Zrd8wcqpn9SOl I52/ZH/L3O8=N7om -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/
- Bugs fixed (https://bugzilla.redhat.com/):
1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Description:
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post Office Protocol 3) and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update). 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (10.16.3)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0421",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.2"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.16.1"
},
{
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "155479"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 0.8
},
"cve": "CVE-2019-9511",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9511",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160946",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9511",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9511",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9511",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9511",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-924",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160946",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-924"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 10.19.0~dfsg1-1. \n\nWe recommend that you upgrade your nodejs packages. \n\nFor the detailed security status of nodejs please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nodejs\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6p6wwACgkQEMKTtsN8\nTjYz/RAAl2mPQItVPZ7+gHf42+k3BfjOu2vgGgUNyamYKokGKD+R/GgGZhMKTdm1\nEFBWZCSiEwy+vQD9+kcNCmWxZjmor0lVudgEZUt8IMTEHXirmbv5Qx539ULTKwuj\nTFva/I6q5umL37o0iQzEMWomsKD1gZ5yjXbZdO6ubtkiqc9c9WJUBdI3lNsmy8Wm\n2MgHKFfwz2H6OR7ZLCWjIiVd/FmvuKTMR80vc8CjyHMP+JeuOoG3WXhBTjqEdWqr\nyYHNahMfHam4b22NX07ngoiy9joEu0Ti6HPWRk4vI2KelocAJDB+J7QZ0DuPyguI\n6nB3Xj74gX4V2ps+N0LFOvtlj9pk2YUQW8klrND38i8LZQKRhHRtKuLSeql7QElt\nja+6eDmuSRIlcsS/Yyxfyb9c8571hxIrw/wrg8/d2k29UdX0rqsAlQ8RC73gHfD0\neQpMJDLmKf83PHIMZCcb2THtGzeV0rTI2nOVMJ6ULCeIXVTOlXM7HKFLV8c56V2j\noRy7PXu3FOuiDyKc2GKRftap9FSQLCD9AtSKO4iNT6Kx47CtiLWpUMDUv5h57Foy\nkyqhEiNjTK8UZH/+8prytQeH2pJ1iAq9j7ePtiyOsoI6vN2IOgP7xTyQ1QDkaKzb\nxKVacLkhBzO+drODEBaNlZdt2k6OewO5TR9d6oCmQT5ZLhuJ8Ak=\n=I2bH\n-----END PGP SIGNATURE-----\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs\n1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates\n1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation\n1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass\n1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and \u0027Deployer\u0027 user by default\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments\n1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n\n5. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5\nJBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11\nJBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7\nJBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final\nJBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final\nJBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10\nJBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13\nJBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005\nJBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17\nJBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final\nJBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001\nJBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17\nJBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11\nJBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003\nJBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8\nJBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3\nJBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final\nJBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final\nJBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final\nJBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8\nJBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1\n\n7. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: httpd24-httpd and httpd24-nghttp2 security update\nAdvisory ID: RHSA-2019:2949-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2949\nIssue date: 2019-10-01\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9517\n====================================================================\n1. Summary:\n\nAn update for httpd24-httpd and httpd24-nghttp2 is now available for Red\nHat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el6.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el6.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\naarch64:\nhttpd24-httpd-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\naarch64:\nhttpd24-httpd-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9517\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXZM+I9zjgjWX9erEAQhZww/+KbkqyDmqC5wyM0PG3/ZbsAg8Odywrvl7\nP6oFYg8/Dsb5Tdrf6kZgHb6TFPYRqdptH5WTmLVedjvkvYgOeseVyzUCcjUgxP3S\nGjH1rGHQosMyRG82dyB3nexUnjJsDPQZ7kAnT3QS7WwzluY+jzBmQb54nEyfOK+2\nCm7MQbRJGS9igNGWlrbJpWA1caZkLDWpXxBNwmf1lh6LR/xOlbbEn3OnU4VFnIeI\ndbqAOP8DXSMvTFDvUuqZTJw2IjnWAYm2CJ3hi/BdRiAbsRtiIjFrQ3A3EaObt3ip\nP+FEXawj7/NzwMEFZu5Los+bJBH21Gdr44d0iS1FQYYC41rz0g1KVHizFVkFT2Hh\nm2YI65XlEd393dQMCtfrZIArZt87dBkU4JCBvKPYQ9+cF3PMR5ZzHSI2iSJ67iZM\nTWxkZv5mrI7DXZooOMfrW7aX8eyKk9PZy/iU24Iu8rJ4d9WZto9oDXZb4RwrurfV\n2HB7wOpDz3duWsCJojE8lbpWJ8PswajfaruJq/jX7Za++v7F7GyTbSOgsAQAfDY2\nXUTGiYzbrZmaIKaP3REWwTn+xTJBh8mqvUA2E+KvZzSn8fBEry8GIUsIKmxxzsz2\nuqDSPyZ4Q5UO1nwLXpghkz/S1/JJztzbpLn1BJuISsTmR12R5a2Zrd8wcqpn9SOl\nI52/ZH/L3O8=N7om\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Description:\n\nNginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post\nOffice Protocol 3) and IMAP protocols, with a focus on high concurrency,\nperformance and low memory usage. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9511"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "155479"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9511",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.5
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "154117",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201908-924",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157741",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156852",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3116",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1544",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3129",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2588",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4343",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4403",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1335",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4484",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1030",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155484",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158095",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43918",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154699",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154533",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154725",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154693",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154401",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154471",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154190",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154470",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154848",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160946",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168812",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155479",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155417",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "155479"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-924"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"id": "VAR-201908-0421",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T23:25:23.385000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96609"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-924"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.5,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4020"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:4018"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:4019"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:4021"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2799"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2949"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/aug/40"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/sep/1"
},
{
"trust": 1.7,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2692"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2745"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2746"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2775"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2966"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:3041"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k02591030"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1544/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2071/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158636/red-hat-security-advisory-2020-3192-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4484/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143454"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154117/ubuntu-security-notice-usn-4099-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3116/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157741/red-hat-security-advisory-2020-2067-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4343/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43918"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167160"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155484/red-hat-security-advisory-2019-4019-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-ze-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3129/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16943"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17531"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14540"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17267"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nodejs"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15606"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15605"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0210"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12419"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-0737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-17199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-17189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1745"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10241"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "155479"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-924"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "155479"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-924"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160946"
},
{
"date": "2020-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "168812"
},
{
"date": "2020-05-18T16:42:53",
"db": "PACKETSTORM",
"id": "157741"
},
{
"date": "2019-11-27T15:37:53",
"db": "PACKETSTORM",
"id": "155479"
},
{
"date": "2019-11-20T21:11:11",
"db": "PACKETSTORM",
"id": "155417"
},
{
"date": "2019-10-01T20:46:00",
"db": "PACKETSTORM",
"id": "154699"
},
{
"date": "2020-07-29T00:05:59",
"db": "PACKETSTORM",
"id": "158636"
},
{
"date": "2019-09-19T16:28:51",
"db": "PACKETSTORM",
"id": "154533"
},
{
"date": "2020-03-23T15:57:42",
"db": "PACKETSTORM",
"id": "156852"
},
{
"date": "2019-09-30T13:33:33",
"db": "PACKETSTORM",
"id": "154663"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-924"
},
{
"date": "2019-08-13T21:15:12.223000",
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160946"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-924"
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-924"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-924"
}
],
"trust": 0.6
}
}
VAR-202310-0175
Vulnerability from variot - Updated: 2025-12-22 22:37The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. The updated image includes new features and bug fixes.
It contains the following bug fixes and changes:
-
Previously, Red Hat OpenShift Container Platform customers using the downloaded manifest bundle with automatic upgrades enabled found that Sensor did not automatically upgrade, and failed with a
PRE_FLIGHT_CHECKS_FAILEDerror. This issue has been fixed. (ROX-19955) -
RHACS 4.2.2 includes a new default policy called \"Rapid Reset: Denial of Service Vulnerability in HTTP/2 Protocol\". This policy alerts on deployments with images containing components that are susceptible to a Denial of Service (DoS) vulnerability for HTTP/2 servers, based on CVE-2023-44487 and CVE-2023-39325. This policy applies to the build or deploy life cycle stage.
Description:
This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.13. ========================================================================== Ubuntu Security Notice USN-6438-2 October 25, 2023
.Net regressions
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
Summary:
An incomplete fix was discovered in .Net.
Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime
Details:
USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix for CVE-2023-36799 was incomplete. This update fixes the problem.
Original advisory details:
Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-36799)
It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-44487)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: aspnetcore-runtime-6.0 6.0.124-0ubuntu1~23.10.1 aspnetcore-runtime-7.0 7.0.113-0ubuntu1~23.10.1 dotnet-host 6.0.124-0ubuntu1~23.10.1 dotnet-host-7.0 7.0.113-0ubuntu1~23.10.1 dotnet-hostfxr-6.0 6.0.124-0ubuntu1~23.10.1 dotnet-hostfxr-7.0 7.0.113-0ubuntu1~23.10.1 dotnet-runtime-6.0 6.0.124-0ubuntu1~23.10.1 dotnet-runtime-7.0 7.0.113-0ubuntu1~23.10.1 dotnet-sdk-6.0 6.0.124-0ubuntu1~23.10.1 dotnet-sdk-7.0 7.0.113-0ubuntu1~23.10.1 dotnet6 6.0.124-0ubuntu1~23.10.1 dotnet7 7.0.113-0ubuntu1~23.10.1
In general, a standard system update will make all the necessary changes.
The following data is constructed from data provided by Red Hat's json file at:
https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5896.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
==================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.12.40 bug fix and security update Advisory ID: RHSA-2023:5896-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:5896 Issue date: 2023-10-25 Revision: 01 CVE Names: CVE-2023-44487 ====================================================================
Summary:
Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.40. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2023:5898
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html
Security Fix(es):
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html
Solution:
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html
CVEs:
CVE-2023-44487
References:
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5522-1 security@debian.org https://www.debian.org/security/ Markus Koschany October 10, 2023 https://www.debian.org/security/faq
Package : tomcat9 CVE ID : CVE-2023-24998 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487 CVE-2023-45648
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
CVE-2023-24998
Denial of service. Tomcat uses a packaged renamed copy of Apache Commons
FileUpload to provide the file upload functionality defined in the Jakarta
Servlet specification. Apache Tomcat was, therefore, also vulnerable to the
Commons FileUpload vulnerability CVE-2023-24998 as there was no limit to
the number of request parts processed. This resulted in the possibility of
an attacker triggering a DoS with a malicious upload or series of uploads.
CVE-2023-41080
Open redirect. If the ROOT (default) web application is configured to use
FORM authentication then it is possible that a specially crafted URL could
be used to trigger a redirect to an URL of the attackers choice.
CVE-2023-42795
Information Disclosure. When recycling various internal objects, including
the request and the response, prior to re-use by the next request/response,
an error could cause Tomcat to skip some parts of the recycling process
leading to information leaking from the current request/response to the
next.
CVE-2023-44487
DoS caused by HTTP/2 frame overhead (Rapid Reset Attack)
CVE-2023-45648
Request smuggling. Tomcat did not correctly parse HTTP trailer headers. A
specially crafted, invalid trailer header could cause Tomcat to treat a
single request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.
For the oldstable distribution (bullseye), these problems have been fixed in version 9.0.43-2~deb11u7.
We recommend that you upgrade your tomcat9 packages.
For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUlyBRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRBnhAAk1o0EDLnX1zaS0Xnz9jybhd9XdXat1HwZXvV3XFRGVXu5+r2bKH+KQjU 0GJ6koP3KDt10DrI8DzOq+9Msu0/TbPYAZKDHPjPYfcUqXRmwRrvTXtq5cbR5v3+ JxgJhiqjQYb1DYiDLC5iU+6aryrZg2ma1i81lG5v8N1TDfaCHzbZiMpyeYEABkd7 eKX3tzngoK9UaIgYVBxrjnM9bPRWnRFJRBMu/hs4VS6gxqzAaZT72Tcaf0Vf3t1s Es5IMgrhBC0Q2Amlm3N5z37p0nlhnJdNC3dAHetRCy92g9/KsjB/1BZfYY7rM8wV WwvB5WwQ0T4eRqKmc8yY86sUdfXkhPqz1oFDbnNgxtBjMm2z/of9pNEm+2NCpv9P 3MpCIKsEWiGH8+uleGuFhAHoWeUYjDNJjH1di6+PYZoBaEJ8eiXct/THBt/0nvFR Nh6AFDqi1Hi5/GdPK71eFRDsXOwgSuRg1ZRJtJP1W/dYEiczP89l0CM04PwxEAn2 dbE2ZCUQmIzQdng4OAHt+ze+QDini4HtoRJnQHq4P/QUIEQAE9C0hOIMMnrtpqIY A77Qa1bBVqDgLlhvSmpSrVigmfyXSpmtfc9G0KXcq5IAvr75jZ0PNuIk/VTyklYj e3g3nA1rbB1jlx6cvPqWBFItXW8800mJ0CXHb8EN8jKdB5BnooY= =6KYM -----END PGP SIGNATURE----- .
Description:
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-0175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "node healthcheck operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "secure dynamic attributes connector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.0"
},
{
"model": "varnish cache",
"scope": "lt",
"trust": 1.0,
"vendor": "varnish cache",
"version": "2023-10-10"
},
{
"model": "decision manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nginx plus",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "r29"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "build of quarkus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "netty",
"scope": "lt",
"trust": 1.0,
"vendor": "netty",
"version": "4.1.100"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "cost management",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.2\\(7\\)"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "kong gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "konghq",
"version": "3.4.2"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "prime network registrar",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openshift virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "3.0.0"
},
{
"model": "integration camel k",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "integration service registry",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "migration toolkit for applications",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "solr",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.4.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "iot field network director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.11.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "openshift distributed tracing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6"
},
{
"model": "cbl-mariner",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2023-10-11"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.23"
},
{
"model": "big-ip next",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "20.0.1"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "16.2"
},
{
"model": "unified contact center enterprise - live data server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6.2"
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(5\\)"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "caddy",
"scope": "lt",
"trust": 1.0,
"vendor": "caddyserver",
"version": "2.7.5"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "expressway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "x14.3.3"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "nghttp2",
"scope": "lt",
"trust": 1.0,
"vendor": "nghttp2",
"version": "1.57.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "openshift pipelines",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "unified contact center domain manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "12.0.0"
},
{
"model": "openshift secondary scheduler operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "16.1"
},
{
"model": "grpc",
"scope": "gte",
"trust": 1.0,
"vendor": "grpc",
"version": "1.58.0"
},
{
"model": "swiftnio http\\/2",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "1.28.0"
},
{
"model": "openshift dev spaces",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "windows 10 21h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19044.3570"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "opensearch data prepper",
"scope": "lt",
"trust": 1.0,
"vendor": "amazon",
"version": "2.5.0"
},
{
"model": "telepresence video communication server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "x14.3.3"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "advanced cluster security",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.003.009"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "linkerd",
"scope": "lte",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.12.5"
},
{
"model": "service interconnect",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "machine deletion remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7.5"
},
{
"model": "windows 11 21h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.22000.2538"
},
{
"model": "traefik",
"scope": "eq",
"trust": 1.0,
"vendor": "traefik",
"version": "3.0.0"
},
{
"model": "single sign-on",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ios xr",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.11.2"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.0"
},
{
"model": "ultra cloud core - serving gateway function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.02.0"
},
{
"model": "secure malware analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.19.2"
},
{
"model": "self node remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.80"
},
{
"model": "nx-os",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "10.4\\(1\\)"
},
{
"model": "cryostat",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "nginx plus",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r29"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "20.8.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "38"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "11.0.0"
},
{
"model": "grpc",
"scope": "lte",
"trust": 1.0,
"vendor": "grpc",
"version": "1.59.2"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "openshift api for data protection",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "integration camel for spring boot",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "istio",
"scope": "gte",
"trust": 1.0,
"vendor": "istio",
"version": "1.18.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "support for spring boot",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "prime infrastructure",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10.4"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.93"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "nginx plus",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "r25"
},
{
"model": "web terminal",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.4\\(2\\)"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "ceph storage",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "proxygen",
"scope": "lt",
"trust": 1.0,
"vendor": "facebook",
"version": "2023.10.16.00"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "nx-os",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.4.2"
},
{
"model": "traffic server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.2.3"
},
{
"model": "istio",
"scope": "gte",
"trust": 1.0,
"vendor": "istio",
"version": "1.19.0"
},
{
"model": "http2",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "0.17.0"
},
{
"model": "windows 10 1607",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.14393.6351"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "crosswork zero touch provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "node maintenance operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "networking",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "0.17.0"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.14.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "grpc",
"scope": "eq",
"trust": 1.0,
"vendor": "grpc",
"version": "1.57.0"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.12"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "run once duration override operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip next service proxy for kubernetes",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.8.2"
},
{
"model": "grpc",
"scope": "lt",
"trust": 1.0,
"vendor": "grpc",
"version": "1.56.3"
},
{
"model": "windows 10 22h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19045.3570"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.13"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "advanced cluster management for kubernetes",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "advanced cluster security",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "openresty",
"scope": "lt",
"trust": 1.0,
"vendor": "openresty",
"version": "1.21.4.3"
},
{
"model": "big-ip carrier-grade nat",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "windows 10 1809",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.17763.4974"
},
{
"model": "prime cable provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.1"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.14.1"
},
{
"model": "service telemetry framework",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.5"
},
{
"model": "windows server 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "crosswork data gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0.0"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "contour",
"scope": "lt",
"trust": 1.0,
"vendor": "projectcontour",
"version": "2023-10-11"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "traffic server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.1.9"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "nginx plus",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r30"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "grpc",
"scope": "lt",
"trust": 1.0,
"vendor": "grpc",
"version": "1.58.3"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "certification for red hat enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.17.6"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "data center network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "openshift sandboxed containers",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "jenkins",
"scope": "lte",
"trust": 1.0,
"vendor": "jenkins",
"version": "2.427"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "jboss data grid",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "20.0.0"
},
{
"model": "azure kubernetes service",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2023-10-08"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "9.4.53"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "process automation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "logging subsystem for red hat openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.24.10"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.27.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "crosswork situation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "ultra cloud core - policy control function",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.01.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.18.3"
},
{
"model": "connected mobile experiences",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.19.1"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"model": "jboss a-mq streams",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.18.2"
},
{
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0.2"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.17"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "12.0.2"
},
{
"model": "3scale api management platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "ansible automation platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "go",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "1.21.3"
},
{
"model": "traefik",
"scope": "lt",
"trust": 1.0,
"vendor": "traefik",
"version": "2.10.5"
},
{
"model": "openshift gitops",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.12"
},
{
"model": "go",
"scope": "gte",
"trust": 1.0,
"vendor": "golang",
"version": "1.21.0"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.17"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.25.2"
},
{
"model": "windows server 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.23"
},
{
"model": "jboss a-mq",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2.20"
},
{
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "2.0.0"
},
{
"model": "ultra cloud core - session management function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.02.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "ultra cloud core - policy control function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.01.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "17.1"
},
{
"model": "network observability operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4.12"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.0.0"
},
{
"model": "http",
"scope": "eq",
"trust": 1.0,
"vendor": "ietf",
"version": "2.0"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "openshift developer tools and services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.26.4"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "fence agents remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "http2",
"scope": "lt",
"trust": 1.0,
"vendor": "kazu yamamoto",
"version": "4.2.2"
},
{
"model": "ios xe",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "17.15.1"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip next service proxy for kubernetes",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "fog director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.22"
},
{
"model": "certification for red hat enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "go",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "1.20.10"
},
{
"model": "migration toolkit for virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip ssl orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "prime access registrar",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3.3"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "windows 11 22h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.22621.2428"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "cert-manager operator for red hat openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "migration toolkit for containers",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "openshift data science",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "h2o",
"scope": "lt",
"trust": 1.0,
"vendor": "dena",
"version": "2023-10-10"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "2.4.2"
},
{
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "akka",
"version": "10.5.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.13.1"
},
{
"model": "jenkins",
"scope": "lte",
"trust": 1.0,
"vendor": "jenkins",
"version": "2.414.2"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.13.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openshift container platform assisted installer",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "astra control center",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "secure web appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "15.1.0"
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.25.9"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "apisix",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "3.6.1"
},
{
"model": "openshift serverless",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4"
},
{
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "3.3.0"
},
{
"model": "armeria",
"scope": "lt",
"trust": 1.0,
"vendor": "linecorp",
"version": "1.26.0"
},
{
"model": "unified contact center management portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "build of optaplanner",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "linkerd",
"scope": "gte",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "12.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "175298"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "175325"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175172"
},
{
"db": "PACKETSTORM",
"id": "175970"
}
],
"trust": 0.7
},
"cve": "CVE-2023-44487",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-44487",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44487",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-44487",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. The updated image includes new features and bug fixes. \n\nIt contains the following bug fixes and changes:\n\n* Previously, Red Hat OpenShift Container Platform customers using the downloaded manifest bundle with automatic upgrades enabled found that Sensor did not automatically upgrade, and failed with a `PRE_FLIGHT_CHECKS_FAILED` error. This issue has been fixed. (ROX-19955)\n\n* RHACS 4.2.2 includes a new default policy called \\\"Rapid Reset: Denial of\nService Vulnerability in HTTP/2 Protocol\\\". This policy alerts on\ndeployments with images containing components that are susceptible to a\nDenial of Service (DoS) vulnerability for HTTP/2 servers, based on\nCVE-2023-44487 and CVE-2023-39325. This policy applies to the build or\ndeploy life cycle stage. \n\n\n\n\nDescription:\n\nThis asynchronous patch is a security update zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.13. ==========================================================================\nUbuntu Security Notice USN-6438-2\nOctober 25, 2023\n\n.Net regressions\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n\nSummary:\n\nAn incomplete fix was discovered in .Net. \n\nSoftware Description:\n- dotnet6: dotNET CLI tools and runtime\n- dotnet7: dotNET CLI tools and runtime\n\nDetails:\n\nUSN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix\nfor [CVE-2023-36799](https://ubuntu.com/security/CVE-2023-36799) was incomplete. This update fixes the problem. \n\nOriginal advisory details:\n\n Kevin Jones discovered that .NET did not properly process certain\n X.509 certificates. An attacker could possibly use this issue to\n cause a denial of service. (CVE-2023-36799)\n \n It was discovered that the .NET Kestrel web server did not properly\n handle HTTP/2 requests. A remote attacker could possibly use this\n issue to cause a denial of service. (CVE-2023-44487)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n aspnetcore-runtime-6.0 6.0.124-0ubuntu1~23.10.1\n aspnetcore-runtime-7.0 7.0.113-0ubuntu1~23.10.1\n dotnet-host 6.0.124-0ubuntu1~23.10.1\n dotnet-host-7.0 7.0.113-0ubuntu1~23.10.1\n dotnet-hostfxr-6.0 6.0.124-0ubuntu1~23.10.1\n dotnet-hostfxr-7.0 7.0.113-0ubuntu1~23.10.1\n dotnet-runtime-6.0 6.0.124-0ubuntu1~23.10.1\n dotnet-runtime-7.0 7.0.113-0ubuntu1~23.10.1\n dotnet-sdk-6.0 6.0.124-0ubuntu1~23.10.1\n dotnet-sdk-7.0 7.0.113-0ubuntu1~23.10.1\n dotnet6 6.0.124-0ubuntu1~23.10.1\n dotnet7 7.0.113-0ubuntu1~23.10.1\n\nIn general, a standard system update will make all the necessary changes. \n\nThe following data is constructed from data provided by Red Hat\u0027s json file at:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5896.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.12.40 bug fix and security update\nAdvisory ID: RHSA-2023:5896-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:5896\nIssue date: 2023-10-25\nRevision: 01\nCVE Names: CVE-2023-44487\n====================================================================\n\nSummary: \n\nRed Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.12. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.12.40. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2023:5898\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section. \n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html\n\n\nSolution:\n\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html\n\n\n\nCVEs:\n\nCVE-2023-44487\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5522-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nOctober 10, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat9\nCVE ID : CVE-2023-24998 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487\n CVE-2023-45648\n\nSeveral security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. \n\nCVE-2023-24998\n\n Denial of service. Tomcat uses a packaged renamed copy of Apache Commons\n FileUpload to provide the file upload functionality defined in the Jakarta\n Servlet specification. Apache Tomcat was, therefore, also vulnerable to the\n Commons FileUpload vulnerability CVE-2023-24998 as there was no limit to\n the number of request parts processed. This resulted in the possibility of\n an attacker triggering a DoS with a malicious upload or series of uploads. \n\nCVE-2023-41080\n\n Open redirect. If the ROOT (default) web application is configured to use\n FORM authentication then it is possible that a specially crafted URL could\n be used to trigger a redirect to an URL of the attackers choice. \n\nCVE-2023-42795\n\n Information Disclosure. When recycling various internal objects, including\n the request and the response, prior to re-use by the next request/response,\n an error could cause Tomcat to skip some parts of the recycling process\n leading to information leaking from the current request/response to the\n next. \n\nCVE-2023-44487\n\n DoS caused by HTTP/2 frame overhead (Rapid Reset Attack)\n\nCVE-2023-45648\n\n Request smuggling. Tomcat did not correctly parse HTTP trailer headers. A\n specially crafted, invalid trailer header could cause Tomcat to treat a\n single request as multiple requests leading to the possibility of request\n smuggling when behind a reverse proxy. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 9.0.43-2~deb11u7. \n\nWe recommend that you upgrade your tomcat9 packages. \n\nFor the detailed security status of tomcat9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUlyBRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRBnhAAk1o0EDLnX1zaS0Xnz9jybhd9XdXat1HwZXvV3XFRGVXu5+r2bKH+KQjU\n0GJ6koP3KDt10DrI8DzOq+9Msu0/TbPYAZKDHPjPYfcUqXRmwRrvTXtq5cbR5v3+\nJxgJhiqjQYb1DYiDLC5iU+6aryrZg2ma1i81lG5v8N1TDfaCHzbZiMpyeYEABkd7\neKX3tzngoK9UaIgYVBxrjnM9bPRWnRFJRBMu/hs4VS6gxqzAaZT72Tcaf0Vf3t1s\nEs5IMgrhBC0Q2Amlm3N5z37p0nlhnJdNC3dAHetRCy92g9/KsjB/1BZfYY7rM8wV\nWwvB5WwQ0T4eRqKmc8yY86sUdfXkhPqz1oFDbnNgxtBjMm2z/of9pNEm+2NCpv9P\n3MpCIKsEWiGH8+uleGuFhAHoWeUYjDNJjH1di6+PYZoBaEJ8eiXct/THBt/0nvFR\nNh6AFDqi1Hi5/GdPK71eFRDsXOwgSuRg1ZRJtJP1W/dYEiczP89l0CM04PwxEAn2\ndbE2ZCUQmIzQdng4OAHt+ze+QDini4HtoRJnQHq4P/QUIEQAE9C0hOIMMnrtpqIY\nA77Qa1bBVqDgLlhvSmpSrVigmfyXSpmtfc9G0KXcq5IAvr75jZ0PNuIk/VTyklYj\ne3g3nA1rbB1jlx6cvPqWBFItXW8800mJ0CXHb8EN8jKdB5BnooY=\n=6KYM\n-----END PGP SIGNATURE-----\n. \n\n\n\n\nDescription:\n\nVarnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up. \n\n\n\n\nDescription:\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
},
{
"db": "PACKETSTORM",
"id": "175298"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "175330"
},
{
"db": "PACKETSTORM",
"id": "175325"
},
{
"db": "PACKETSTORM",
"id": "176035"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175172"
},
{
"db": "PACKETSTORM",
"id": "175970"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44487",
"trust": 2.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/19/6",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/10/6",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/20/8",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/18/4",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/10/7",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/18/8",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/13/4",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/13/9",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/08/13/6",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "175298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175330",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175325",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176035",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175070",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175231",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175970",
"trust": 0.1
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "175298"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "175330"
},
{
"db": "PACKETSTORM",
"id": "175325"
},
{
"db": "PACKETSTORM",
"id": "176035"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175172"
},
{
"db": "PACKETSTORM",
"id": "175970"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"id": "VAR-202310-0175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.384739252
},
"last_update_date": "2025-12-22T22:37:57.843000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"trust": 1.0,
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
},
{
"trust": 1.0,
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"trust": 1.0,
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"trust": 1.0,
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"trust": 1.0,
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"trust": 1.0,
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"trust": 1.0,
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"trust": 1.0,
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"trust": 1.0,
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"trust": 1.0,
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"trust": 1.0,
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"trust": 1.0,
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
},
{
"trust": 1.0,
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-qppj-fm5r-hxr3"
},
{
"trust": 1.0,
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
},
{
"trust": 1.0,
"url": "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf"
},
{
"trust": 1.0,
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"trust": 1.0,
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"trust": 1.0,
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"trust": 1.0,
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
},
{
"trust": 1.0,
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"trust": 1.0,
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"trust": 1.0,
"url": "https://github.com/bcdannyboy/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
},
{
"trust": 1.0,
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"trust": 1.0,
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"trust": 1.0,
"url": "https://netty.io/news/2023/10/10/4-1-100-final.html"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
},
{
"trust": 1.0,
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"trust": 1.0,
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
},
{
"trust": 1.0,
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
},
{
"trust": 1.0,
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-vx74-f528-fxqg"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"trust": 1.0,
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"trust": 1.0,
"url": "https://ubuntu.com/security/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"trust": 1.0,
"url": "https://github.com/golang/go/issues/63417"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
},
{
"trust": 1.0,
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
},
{
"trust": 1.0,
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p"
},
{
"trust": 1.0,
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
},
{
"trust": 1.0,
"url": "https://security.paloaltonetworks.com/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"trust": 1.0,
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"trust": 1.0,
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
},
{
"trust": 1.0,
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"trust": 1.0,
"url": "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html"
},
{
"trust": 1.0,
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"trust": 1.0,
"url": "https://www.phoronix.com/news/http2-rapid-reset-attack"
},
{
"trust": 1.0,
"url": "https://github.com/kong/kong/discussions/11741"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"trust": 1.0,
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
},
{
"trust": 1.0,
"url": "https://groups.google.com/g/golang-announce/c/innxdtcjzvo"
},
{
"trust": 1.0,
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"trust": 1.0,
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
},
{
"trust": 1.0,
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html"
},
{
"trust": 1.0,
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"trust": 1.0,
"url": "https://github.com/arkrwn/poc/tree/main/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
},
{
"trust": 1.0,
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
},
{
"trust": 1.0,
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"trust": 1.0,
"url": "https://github.com/microsoft/cbl-mariner/pull/6381"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
},
{
"trust": 1.0,
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"trust": 1.0,
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
},
{
"trust": 1.0,
"url": "https://my.f5.com/manage/s/article/k000137106"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 1.0,
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"trust": 1.0,
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
},
{
"trust": 1.0,
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"trust": 1.0,
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"trust": 1.0,
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"trust": 1.0,
"url": "https://github.com/line/armeria/pull/5232"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"trust": 1.0,
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
},
{
"trust": 1.0,
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-http2-reset-d8kf32vz"
},
{
"trust": 1.0,
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"trust": 1.0,
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
},
{
"trust": 1.0,
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
},
{
"trust": 1.0,
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"trust": 1.0,
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
},
{
"trust": 1.0,
"url": "https://aws.amazon.com/security/security-bulletins/aws-2023-011/"
},
{
"trust": 1.0,
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"trust": 1.0,
"url": "https://github.com/azure/aks/issues/3947"
},
{
"trust": 1.0,
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"trust": 1.0,
"url": "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"trust": 1.0,
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6048.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-39325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-39325"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6048"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5978.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/jboss_eap_xp_4.0_upgrade_and_migration_guide/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6144.json"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/2040208"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6438-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.124-0ubuntu1~23.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/2040207,"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/cve-2023-36799)"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6438-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-36799"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.113-0ubuntu1~23.10.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5896.json"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5896"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2023:5898"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nghttp2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-45648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-41080"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-42795"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/tomcat9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-24998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5924.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5803.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7481.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:7479"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:7481"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "175298"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "175330"
},
{
"db": "PACKETSTORM",
"id": "175325"
},
{
"db": "PACKETSTORM",
"id": "176035"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175172"
},
{
"db": "PACKETSTORM",
"id": "175970"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "175298"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "175330"
},
{
"db": "PACKETSTORM",
"id": "175325"
},
{
"db": "PACKETSTORM",
"id": "176035"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175172"
},
{
"db": "PACKETSTORM",
"id": "175970"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-24T15:55:29",
"db": "PACKETSTORM",
"id": "175298"
},
{
"date": "2023-10-23T14:26:48",
"db": "PACKETSTORM",
"id": "175273"
},
{
"date": "2023-10-30T12:35:28",
"db": "PACKETSTORM",
"id": "175390"
},
{
"date": "2023-10-25T13:48:01",
"db": "PACKETSTORM",
"id": "175330"
},
{
"date": "2023-10-25T13:46:22",
"db": "PACKETSTORM",
"id": "175325"
},
{
"date": "2023-12-04T13:45:34",
"db": "PACKETSTORM",
"id": "176035"
},
{
"date": "2023-10-11T16:46:58",
"db": "PACKETSTORM",
"id": "175070"
},
{
"date": "2023-10-20T14:32:43",
"db": "PACKETSTORM",
"id": "175231"
},
{
"date": "2023-10-18T16:26:02",
"db": "PACKETSTORM",
"id": "175172"
},
{
"date": "2023-11-29T12:44:32",
"db": "PACKETSTORM",
"id": "175970"
},
{
"date": "2023-10-10T14:15:10.883000",
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-07T19:00:41.810000",
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "175330"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2023-6048-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "175298"
}
],
"trust": 0.1
}
}
VAR-201908-0266
Vulnerability from variot - Updated: 2025-12-22 22:13Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper parsing of zero length headers by the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates.
For the oldstable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u3.
For the stable distribution (buster), these problems have been fixed in version 1.14.2-2+deb10u1.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1e7q4ACgkQEMKTtsN8 TjanPg/+JLLuKVdUDpVPFNkX1ckmT5gsoCwzGz3ybhcDMxbf7jD8jtmXFiGFn4fP MXsx6MgrRZn3hq+2VF6MKZjKh9n1hBX38PkqjHKEtV6Xzor97xxLH0rrMlBMEQ7y rz96YTffJfcj+ykI3Vlye1GGDEiKyu0vWgoutXH3i8GUYFyDk//HQdI0eJLQhkfo TMRdbAKmMGeMt/8tSz4G0wewdxc9xjNwE1lKkV22JbT6t656f5QtvOLxt2HvM5c4 gFtFFBv7e1ymh0CKz4VxOxjEH+4ogx5HfzcYP2LjaZJsCFOw8ZUbdieFhlF0R2jH vskBuYLPa/djYHoZ55KY/WTmTsn72y7ZEuQcAdiHRVjg6wRFaum/KkdwutBBCeEj odvrGUcgdLLx4uAC7JOt9HME77Rgu1wTnx3l9L3QCwxIXpHqL8zOuSrSKYDuntDT agQ/awapEYYK5IAgo7YGkhHHHbTSLQ2UX9KfmyoPXJ+H9Vl/XjGhPwdDSEYNqrE9 IKQ8gaFCVOgjJo8lTa5NBsvxa08Gh6jQGZo8Rgfjs4KvUS847Cpb086BvU9pMs36 46+cLbkJ2jkfMLd4slZ5Gf2wkagUJmeZD5O7bY90Szs/IUOJez0LWaN3l7VSMtvY a3a/Y53cX1QYt60eiE6x/ifraOHzcsJglrUNmK8VPfJ9tSTFhWY=+ZOE -----END PGP SIGNATURE----- . 7) - noarch, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx110-nginx security update Advisory ID: RHSA-2019:2745-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2745 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
-
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx110-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP vsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2 mVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+ 4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k rNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14 ENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6 uglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU BGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl Omt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0 Elhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR LF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X zMtgbVh8BNU=zH69 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
JBCS-828 - Rebase nghttp2 to 1.39.2
- Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update). 8) - aarch64, noarch, ppc64le, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.2"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.16.1"
},
{
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154698"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 0.9
},
"cve": "CVE-2019-9516",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-9516",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160951",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-9516",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9516",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9516",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9516",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-938",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-160951",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9516",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160951"
},
{
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. \nThe vulnerability is due to improper parsing of zero length headers by the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that\nsubmits malicious input to an affected system. A successful exploit\ncould result in a DoS condition on the targeted system. \nnginx.org has confirmed the vulnerability and released software updates. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1.10.3-1+deb9u3. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.14.2-2+deb10u1. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1e7q4ACgkQEMKTtsN8\nTjanPg/+JLLuKVdUDpVPFNkX1ckmT5gsoCwzGz3ybhcDMxbf7jD8jtmXFiGFn4fP\nMXsx6MgrRZn3hq+2VF6MKZjKh9n1hBX38PkqjHKEtV6Xzor97xxLH0rrMlBMEQ7y\nrz96YTffJfcj+ykI3Vlye1GGDEiKyu0vWgoutXH3i8GUYFyDk//HQdI0eJLQhkfo\nTMRdbAKmMGeMt/8tSz4G0wewdxc9xjNwE1lKkV22JbT6t656f5QtvOLxt2HvM5c4\ngFtFFBv7e1ymh0CKz4VxOxjEH+4ogx5HfzcYP2LjaZJsCFOw8ZUbdieFhlF0R2jH\nvskBuYLPa/djYHoZ55KY/WTmTsn72y7ZEuQcAdiHRVjg6wRFaum/KkdwutBBCeEj\nodvrGUcgdLLx4uAC7JOt9HME77Rgu1wTnx3l9L3QCwxIXpHqL8zOuSrSKYDuntDT\nagQ/awapEYYK5IAgo7YGkhHHHbTSLQ2UX9KfmyoPXJ+H9Vl/XjGhPwdDSEYNqrE9\nIKQ8gaFCVOgjJo8lTa5NBsvxa08Gh6jQGZo8Rgfjs4KvUS847Cpb086BvU9pMs36\n46+cLbkJ2jkfMLd4slZ5Gf2wkagUJmeZD5O7bY90Szs/IUOJez0LWaN3l7VSMtvY\na3a/Y53cX1QYt60eiE6x/ifraOHzcsJglrUNmK8VPfJ9tSTFhWY=+ZOE\n-----END PGP SIGNATURE-----\n. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs8-nodejs (8.16.1). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2019:2745-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2745\nIssue date: 2019-09-12\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx110-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP\nvsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2\nmVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+\n4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k\nrNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14\nENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6\nuglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU\nBGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl\nOmt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0\nElhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR\nLF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X\nzMtgbVh8BNU=zH69\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-828 - Rebase nghttp2 to 1.39.2\n\n6. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9516"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160951"
},
{
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "154190"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154698"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9516",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.6
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "154190",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156852",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3116",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3213",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3129",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4403",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1335",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1030",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154698",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154697",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160951",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154470",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154533",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155416",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160951"
},
{
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "154190"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154698"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"id": "VAR-201908-0266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160951"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T22:13:19.610000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96621"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192950 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192946 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx110-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192745 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx114-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192775 - Security Advisory"
},
{
"title": "Red Hat: Important: nginx:1.14 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192799 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx112-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192746 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192966 - Security Advisory"
},
{
"title": "Red Hat: CVE-2019-9516",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-9516"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=aa3f98e7e42f366cb232cf3ada195106"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4099-1"
},
{
"title": "Debian Security Advisories: DSA-4505-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b38c3ef2fccf5f32d01340c117d4ef05"
},
{
"title": "Red Hat: Important: nodejs:10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192925 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-9516"
},
{
"title": "Red Hat: Important: rh-nodejs8-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192955 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nodejs10-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192939 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-13] nginx: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-13"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1299",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1299"
},
{
"title": "Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-12"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1342",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1342"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193935 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193932 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193933 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201445 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.6 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200922 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200983 - Security Advisory"
},
{
"title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
},
{
"title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
},
{
"title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-225"
},
{
"title": "bogeitingress",
"trust": 0.1,
"url": "https://github.com/lieshoujieyuan/bogeitingress "
},
{
"title": "DC-4-Vulnhub-Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-lab/awesome-security "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/http-bugs/147405/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160951"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.6,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 2.5,
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"trust": 2.4,
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2745"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2775"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2799"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2950"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/aug/24"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/aug/40"
},
{
"trust": 1.8,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2019/aug/16"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2746"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2946"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2966"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 1.2,
"url": "https://support.f5.com/csp/article/k02591030"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 0.9,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.7,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154190/debian-security-advisory-4505-1.html"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210436"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143454"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3116/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3213/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1072144"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167160"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3129/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10247"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10241"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=60633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.kb.cert.org/vuls/id/605641"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nginx"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.29"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html/red_hat_jboss_core_services_apache_http_server_2.4.29_service_pack_3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-0737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-17199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-17189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0922"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160951"
},
{
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "154190"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154698"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160951"
},
{
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "154190"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154698"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
},
{
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160951"
},
{
"date": "2019-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"date": "2019-09-17T20:58:22",
"db": "PACKETSTORM",
"id": "154510"
},
{
"date": "2019-08-22T20:20:23",
"db": "PACKETSTORM",
"id": "154190"
},
{
"date": "2019-10-02T15:03:59",
"db": "PACKETSTORM",
"id": "154712"
},
{
"date": "2019-09-12T14:32:43",
"db": "PACKETSTORM",
"id": "154470"
},
{
"date": "2020-04-14T15:39:41",
"db": "PACKETSTORM",
"id": "157214"
},
{
"date": "2019-09-19T16:28:51",
"db": "PACKETSTORM",
"id": "154533"
},
{
"date": "2019-10-01T20:45:48",
"db": "PACKETSTORM",
"id": "154698"
},
{
"date": "2019-11-20T20:55:55",
"db": "PACKETSTORM",
"id": "155416"
},
{
"date": "2020-03-23T15:57:42",
"db": "PACKETSTORM",
"id": "156852"
},
{
"date": "2019-09-30T13:33:33",
"db": "PACKETSTORM",
"id": "154663"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-938"
},
{
"date": "2019-08-13T21:15:12.583000",
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160951"
},
{
"date": "2022-08-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9516"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-938"
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9516"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-938"
}
],
"trust": 0.6
}
}
VAR-201908-0263
Vulnerability from variot - Updated: 2025-12-22 21:13Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Apple SwiftNIO Used in products such as HTTP/2 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates.
For the stable distribution (buster), these problems have been fixed in version 10.19.0~dfsg1-1.
We recommend that you upgrade your nodejs packages.
For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6p6wwACgkQEMKTtsN8 TjYz/RAAl2mPQItVPZ7+gHf42+k3BfjOu2vgGgUNyamYKokGKD+R/GgGZhMKTdm1 EFBWZCSiEwy+vQD9+kcNCmWxZjmor0lVudgEZUt8IMTEHXirmbv5Qx539ULTKwuj TFva/I6q5umL37o0iQzEMWomsKD1gZ5yjXbZdO6ubtkiqc9c9WJUBdI3lNsmy8Wm 2MgHKFfwz2H6OR7ZLCWjIiVd/FmvuKTMR80vc8CjyHMP+JeuOoG3WXhBTjqEdWqr yYHNahMfHam4b22NX07ngoiy9joEu0Ti6HPWRk4vI2KelocAJDB+J7QZ0DuPyguI 6nB3Xj74gX4V2ps+N0LFOvtlj9pk2YUQW8klrND38i8LZQKRhHRtKuLSeql7QElt ja+6eDmuSRIlcsS/Yyxfyb9c8571hxIrw/wrg8/d2k29UdX0rqsAlQ8RC73gHfD0 eQpMJDLmKf83PHIMZCcb2THtGzeV0rTI2nOVMJ6ULCeIXVTOlXM7HKFLV8c56V2j oRy7PXu3FOuiDyKc2GKRftap9FSQLCD9AtSKO4iNT6Kx47CtiLWpUMDUv5h57Foy kyqhEiNjTK8UZH/+8prytQeH2pJ1iAq9j7ePtiyOsoI6vN2IOgP7xTyQ1QDkaKzb xKVacLkhBzO+drODEBaNlZdt2k6OewO5TR9d6oCmQT5ZLhuJ8Ak= =I2bH -----END PGP SIGNATURE----- . 8) - aarch64, ppc64le, s390x, x86_64
- Description:
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Description:
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers the RPM packages for the OpenShift Service Mesh 1.0.1 release. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
MAISTRA-977 - Rebuild RPMs for 1.0.1 release
-
7) - noarch, x86_64
-
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx110-nginx security update Advisory ID: RHSA-2019:2745-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2745 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
-
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx110-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP vsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2 mVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+ 4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k rNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14 ENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6 uglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU BGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl Omt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0 Elhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR LF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X zMtgbVh8BNU=zH69 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/
- Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver 1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests 1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip 1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.2"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.16.1"
},
{
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
},
{
"model": "traffic server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "diskstation manager",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "skynas",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "vs960hd",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "swiftnio",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008113"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:traffic_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:synology:diskstation_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:synology:skynas",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:synology:vs960hd_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:swiftnio",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008113"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "154401"
},
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
}
],
"trust": 1.3
},
"cve": "CVE-2019-9513",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9513",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160948",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9513",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9513",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9513",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9513",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-9513",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-935",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160948",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9513",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008113"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Apple SwiftNIO Used in products such as HTTP/2 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. \nThe vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. \nnginx.org has confirmed the vulnerability and released software updates. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 10.19.0~dfsg1-1. \n\nWe recommend that you upgrade your nodejs packages. \n\nFor the detailed security status of nodejs please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nodejs\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6p6wwACgkQEMKTtsN8\nTjYz/RAAl2mPQItVPZ7+gHf42+k3BfjOu2vgGgUNyamYKokGKD+R/GgGZhMKTdm1\nEFBWZCSiEwy+vQD9+kcNCmWxZjmor0lVudgEZUt8IMTEHXirmbv5Qx539ULTKwuj\nTFva/I6q5umL37o0iQzEMWomsKD1gZ5yjXbZdO6ubtkiqc9c9WJUBdI3lNsmy8Wm\n2MgHKFfwz2H6OR7ZLCWjIiVd/FmvuKTMR80vc8CjyHMP+JeuOoG3WXhBTjqEdWqr\nyYHNahMfHam4b22NX07ngoiy9joEu0Ti6HPWRk4vI2KelocAJDB+J7QZ0DuPyguI\n6nB3Xj74gX4V2ps+N0LFOvtlj9pk2YUQW8klrND38i8LZQKRhHRtKuLSeql7QElt\nja+6eDmuSRIlcsS/Yyxfyb9c8571hxIrw/wrg8/d2k29UdX0rqsAlQ8RC73gHfD0\neQpMJDLmKf83PHIMZCcb2THtGzeV0rTI2nOVMJ6ULCeIXVTOlXM7HKFLV8c56V2j\noRy7PXu3FOuiDyKc2GKRftap9FSQLCD9AtSKO4iNT6Kx47CtiLWpUMDUv5h57Foy\nkyqhEiNjTK8UZH/+8prytQeH2pJ1iAq9j7ePtiyOsoI6vN2IOgP7xTyQ1QDkaKzb\nxKVacLkhBzO+drODEBaNlZdt2k6OewO5TR9d6oCmQT5ZLhuJ8Ak=\n=I2bH\n-----END PGP SIGNATURE-----\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nlibnghttp2 is a library implementing the Hypertext Transfer Protocol\nversion 2 (HTTP/2) protocol in C. Description:\n\nRed Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation. \n\nThis advisory covers the RPM packages for the OpenShift Service Mesh 1.0.1\nrelease. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nMAISTRA-977 - Rebuild RPMs for 1.0.1 release\n\n7. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs8-nodejs (8.16.1). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2019:2745-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2745\nIssue date: 2019-09-12\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx110-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP\nvsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2\nmVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+\n4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k\nrNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14\nENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6\nuglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU\nBGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl\nOmt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0\nElhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR\nLF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X\nzMtgbVh8BNU=zH69\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.6.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver\n1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests\n1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip\n1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9513"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008113"
},
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "154401"
},
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "155416"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9513",
"trust": 3.4
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 3.3
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU98433488",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008113",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3306",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3116",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1544",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3129",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4343",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4665",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0007",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4403",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0643",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43920",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-01",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160948",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168812",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154401",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154848",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154470",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155416",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "154401"
},
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008113"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"id": "VAR-201908-0263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160948"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T21:13:12.668000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-4505",
"trust": 0.8,
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"title": "FEDORA-2019-befd924cfe",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"title": "FEDORA-2019-81985a8858",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"
},
{
"title": "FEDORA-2019-6a2980de56",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"title": "FEDORA-2019-5a6a7bc12c",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"title": "SwiftNIO",
"trust": 0.8,
"url": "https://github.com/apple/swift-nio"
},
{
"title": "Apache Traffic Server",
"trust": 0.8,
"url": "https://github.com/apache/trafficserver"
},
{
"title": "Synology-SA-19:33 HTTP/2 DoS Attacks",
"trust": 0.8,
"url": "https://www.synology.com/ja-jp/security/advisory/Synology_SA_19_33"
},
{
"title": "USN-4099-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96619"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Service Mesh 1.0.1 RPMs",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193041 - Security Advisory"
},
{
"title": "Red Hat: Important: nghttp2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192692 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx110-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192745 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx112-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192746 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx114-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192775 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd24-httpd and httpd24-nghttp2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192949 - Security Advisory"
},
{
"title": "Red Hat: Important: nginx:1.14 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192799 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4511-1 nghttp2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5abd31eeab4f550ac0063c6db4c6fefa"
},
{
"title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192966 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4099-1"
},
{
"title": "Red Hat: CVE-2019-9513",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-9513"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=aa3f98e7e42f366cb232cf3ada195106"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-9513"
},
{
"title": "Red Hat: Important: nodejs:10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192925 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4505-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b38c3ef2fccf5f32d01340c117d4ef05"
},
{
"title": "Red Hat: Important: rh-nodejs8-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192955 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nodejs10-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192939 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1298",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1298"
},
{
"title": "Arch Linux Advisories: [ASA-201908-13] nginx: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-13"
},
{
"title": "Arch Linux Advisories: [ASA-201908-17] libnghttp2: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-17"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1298",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1298"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1299",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1299"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193932 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193933 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193935 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-12"
},
{
"title": "Debian Security Advisories: DSA-4669-1 nodejs -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0919b27d8bf334fac6a8fbea7195b6b0"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=1258fbf11199f28879a6fcc9f39902e9"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200983 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cbf2ee0b22e92590472860fdb3718cab"
},
{
"title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
},
{
"title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00c2\u00ae SDK for Node.js\u00e2\u201e\u00a2 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
},
{
"title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-225"
},
{
"title": "bogeitingress",
"trust": 0.1,
"url": "https://github.com/lieshoujieyuan/bogeitingress "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008113"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008113"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.5,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.5,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 2.3,
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2692"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2745"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3041"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/aug/40"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/sep/1"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2746"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2775"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2799"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2949"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2966"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.4,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k02591030"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98433488/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"
},
{
"trust": 0.6,
"url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1104951"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165894"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165906"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1135167"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164346"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164364"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1544/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127397"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128387"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "http-2-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9514-cve-2019-9512-cve-2019/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-console-and-rest-api-are-vulnerable-to-multiple-denial-of-service-attacks-within-"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143454"
},
{
"trust": 0.6,
"url": "http2-implementation-vulnerablility/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3306/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3116/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
},
{
"trust": 0.6,
"url": "http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4343/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167160"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-ze-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3129/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43920"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165852"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127853"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0197"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nodejs"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15606"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15605"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.1/service_mesh/servicemesh-"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17570"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.6.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-15756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15756"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-16012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "154401"
},
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008113"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "154401"
},
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008113"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160948"
},
{
"date": "2019-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"date": "2020-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "168812"
},
{
"date": "2019-09-09T23:04:07",
"db": "PACKETSTORM",
"id": "154401"
},
{
"date": "2019-10-15T00:10:40",
"db": "PACKETSTORM",
"id": "154848"
},
{
"date": "2019-11-20T23:02:22",
"db": "PACKETSTORM",
"id": "155414"
},
{
"date": "2019-10-02T15:03:59",
"db": "PACKETSTORM",
"id": "154712"
},
{
"date": "2019-09-12T14:32:43",
"db": "PACKETSTORM",
"id": "154470"
},
{
"date": "2020-03-27T13:16:40",
"db": "PACKETSTORM",
"id": "156941"
},
{
"date": "2019-11-20T20:55:55",
"db": "PACKETSTORM",
"id": "155416"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"date": "2019-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008113"
},
{
"date": "2019-08-13T21:15:12.380000",
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160948"
},
{
"date": "2022-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"date": "2019-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008113"
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
}
],
"trust": 0.6
}
}
VAR-202106-1921
Vulnerability from variot - Updated: 2025-12-22 20:10A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)
-
redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)
-
redis: Integer overflow issue with Streams (CVE-2021-32627)
-
redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)
-
redis: Integer overflow issue with intsets (CVE-2021-32687)
-
redis: Integer overflow issue with strings (CVE-2021-41099)
-
redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672)
-
redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)
-
object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434)
Bug fixes:
-
RHACM 2.2.9 images (BZ #1999601)
-
Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1999601 - RHACM 2.2.9 images 1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings
-
Gentoo Linux Security Advisory GLSA 202105-38
https://security.gentoo.org/
Severity: High Title: nginx: Remote code execution Date: May 26, 2021 Bugs: #792087 ID: 202105-38
Synopsis
A vulnerability in nginx could lead to remote code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.21.0 >= 1.20.1:0 >= 1.21.0:mainline
Description
It was discovered that nginx did not properly handle DNS responses when "resolver" directive is used.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.20.1"
All nginx mainline users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-servers/nginx-1.21.0:mainline"
References
[ 1 ] CVE-2021-23017 https://nvd.nist.gov/vuln/detail/CVE-2021-23017
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202105-38
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4967-2 May 27, 2021
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
nginx could be made to crash or run programs if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: nginx 1.10.3-0ubuntu0.16.04.5+esm1 nginx-common 1.10.3-0ubuntu0.16.04.5+esm1 nginx-core 1.10.3-0ubuntu0.16.04.5+esm1 nginx-extras 1.10.3-0ubuntu0.16.04.5+esm1 nginx-full 1.10.3-0ubuntu0.16.04.5+esm1 nginx-light 1.10.3-0ubuntu0.16.04.5+esm1
Ubuntu 14.04 ESM: nginx 1.4.6-1ubuntu3.9+esm2 nginx-common 1.4.6-1ubuntu3.9+esm2 nginx-core 1.4.6-1ubuntu3.9+esm2 nginx-extras 1.4.6-1ubuntu3.9+esm2 nginx-full 1.4.6-1ubuntu3.9+esm2 nginx-light 1.4.6-1ubuntu3.9+esm2
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: nginx:1.16 security update Advisory ID: RHSA-2021:2290-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2290 Issue date: 2021-06-08 CVE Names: CVE-2021-23017 =====================================================================
- Summary:
An update for the nginx:1.16 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.1 Extended Update Support, and Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
- nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
- Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.1):
Source: nginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.src.rpm
aarch64: nginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm nginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
noarch: nginx-all-modules-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.noarch.rpm nginx-filesystem-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.noarch.rpm
ppc64le: nginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm nginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
s390x: nginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm nginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
x86_64: nginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm nginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
Red Hat Enterprise Linux AppStream EUS (v. 8.2):
Source: nginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.src.rpm
aarch64: nginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm nginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
noarch: nginx-all-modules-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.noarch.rpm nginx-filesystem-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.noarch.rpm
ppc64le: nginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm nginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
s390x: nginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm nginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
x86_64: nginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm nginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
Red Hat Enterprise Linux AppStream (v. 8):
Source: nginx-1.16.1-2.module+el8.4.0+11155+68135136.1.src.rpm
aarch64: nginx-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm nginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
noarch: nginx-all-modules-1.16.1-2.module+el8.4.0+11155+68135136.1.noarch.rpm nginx-filesystem-1.16.1-2.module+el8.4.0+11155+68135136.1.noarch.rpm
ppc64le: nginx-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm nginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
s390x: nginx-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm nginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
x86_64: nginx-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm nginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-23017 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYL9JUNzjgjWX9erEAQjSfA/9H4Lh2lGSkUcGMgFMdswHlGjLWsVw88oj E8RnhgJTjDvtRGf+9f6+l2idvZ8Yu9vqDeLMGIPA1DeL4qY1cf9ONQWAUgQTXfc3 UbzeEL6xJJO8+3UWWj/QS8bamTAQ0AlcC8t6lY54bjsKpwJQbzqlKlCLDbtFHERj K8ya6dpSU2MBHaIZ0TAoM0I/rpfVrT4pzwJkmRuum5vGE/BDw2uykGCyV2MhcGfo SwhQBlsahaGGALWm6qX1sODtLgyM7o5ew006x0rmUnK36PoLyaR2J0dELDs+s/vd VgSzejuChb+OTauUvQ1r52DDojfzVxFwVkNjJ2N8nJnPOrHwLnYEfyFSVEcaO9MC wCFgEX1NSQ1k4O0kh/yADz19xPuhDN6uMUzDwg7X2rJJsWoaUEQlDWivM8J6D21R XFyOiA9AcIw3sU8TkBEhuNIaYnWlO4s9pF8ArEI7+Z6Npo5XHnYRktS3dK1Aa1A4 Eh4ziunoXJJqCX+1EveVIOSNCDPq/9CyU8iOCMZOQi67Id6Hhi1aRJ1UNw1oiR4k 1X/I+oWRrl3BSEKVBPWNCN0qCV97bwjl6wW9+PXhIDMe5dSNIF5zZ7o7smbCl3ix OBRavPU6umfqzWre430GMfMsj1VFx8Sj6gU7WPTeGWBgPW4tCUzj5d+C8CW0llH9 +wyUMMhwDBE= =GAHo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.1.11 General Availability release images, which provide a security fix and update the container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes.
Container updates:
-
RHACM 2.1.11 images (BZ# 1999375)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
The following packages have been upgraded to a later upstream version: nginx (1.20.1)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1921",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.20.1"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.4.0.0.0"
},
{
"model": "communications fraud monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "enterprise telephony fraud monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "communications fraud monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "enterprise telephony fraud monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.0"
},
{
"model": "enterprise telephony fraud monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "enterprise telephony fraud monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "communications control plane monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "communications control plane monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "communications control plane monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "openresty",
"scope": "lt",
"trust": 1.0,
"vendor": "openresty",
"version": "1.19.3.2"
},
{
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications control plane monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "oracle communications operations monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "oracle enterprise telephony fraud monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications control plane monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "nginx",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "openresty",
"scope": null,
"trust": 0.8,
"vendor": "openresty",
"version": null
},
{
"model": "oracle communications fraud monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "162992"
},
{
"db": "PACKETSTORM",
"id": "163013"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "165782"
}
],
"trust": 0.6
},
"cve": "CVE-2021-23017",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-23017",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381503",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-23017",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 9.4,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-23017",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-23017",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-23017",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1581",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381503",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a\npointer to a root domain name (CVE-2021-23017)\n\n* redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)\n\n* redis: Integer overflow issue with Streams (CVE-2021-32627)\n\n* redis: Integer overflow bug in the ziplist data structure\n(CVE-2021-32628)\n\n* redis: Integer overflow issue with intsets (CVE-2021-32687)\n\n* redis: Integer overflow issue with strings (CVE-2021-41099)\n\n* redis: Out of bounds read in lua debugger protocol parser\n(CVE-2021-32672)\n\n* redis: Denial of service via Redis Standard Protocol (RESP) request\n(CVE-2021-32675)\n \n* object-path: Type confusion vulnerability can lead to a bypass of\nCVE-2020-15256 (CVE-2021-23434)\n\nBug fixes: \n\n* RHACM 2.2.9 images (BZ #1999601)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n1999601 - RHACM 2.2.9 images\n1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202105-38\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Remote code execution\n Date: May 26, 2021\n Bugs: #792087\n ID: 202105-38\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in nginx could lead to remote code execution. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.21.0 \u003e= 1.20.1:0\n \u003e= 1.21.0:mainline\n\nDescription\n===========\n\nIt was discovered that nginx did not properly handle DNS responses when\n\"resolver\" directive is used. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.20.1\"\n\nAll nginx mainline users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-servers/nginx-1.21.0:mainline\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-23017\n https://nvd.nist.gov/vuln/detail/CVE-2021-23017\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202105-38\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-4967-2\nMay 27, 2021\n\nnginx vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nnginx could be made to crash or run programs if it received specially\ncrafted network traffic. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n nginx 1.10.3-0ubuntu0.16.04.5+esm1\n nginx-common 1.10.3-0ubuntu0.16.04.5+esm1\n nginx-core 1.10.3-0ubuntu0.16.04.5+esm1\n nginx-extras 1.10.3-0ubuntu0.16.04.5+esm1\n nginx-full 1.10.3-0ubuntu0.16.04.5+esm1\n nginx-light 1.10.3-0ubuntu0.16.04.5+esm1\n\nUbuntu 14.04 ESM:\n nginx 1.4.6-1ubuntu3.9+esm2\n nginx-common 1.4.6-1ubuntu3.9+esm2\n nginx-core 1.4.6-1ubuntu3.9+esm2\n nginx-extras 1.4.6-1ubuntu3.9+esm2\n nginx-full 1.4.6-1ubuntu3.9+esm2\n nginx-light 1.4.6-1ubuntu3.9+esm2\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: nginx:1.16 security update\nAdvisory ID: RHSA-2021:2290-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2290\nIssue date: 2021-06-08\nCVE Names: CVE-2021-23017 \n=====================================================================\n\n1. Summary:\n\nAn update for the nginx:1.16 module is now available for Red Hat Enterprise\nLinux 8, Red Hat Enterprise Linux 8.1 Extended Update Support, and Red Hat\nEnterprise Linux 8.2 Extended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a\npointer to a root domain name (CVE-2021-23017)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream EUS (v. 8.1):\n\nSource:\nnginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.src.rpm\n\naarch64:\nnginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\nnginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm\n\nnoarch:\nnginx-all-modules-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.noarch.rpm\nnginx-filesystem-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.noarch.rpm\n\nppc64le:\nnginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\nnginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm\n\ns390x:\nnginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\nnginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm\n\nx86_64:\nnginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\nnginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm\n\nRed Hat Enterprise Linux AppStream EUS (v. 8.2):\n\nSource:\nnginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.src.rpm\n\naarch64:\nnginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\nnginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm\n\nnoarch:\nnginx-all-modules-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.noarch.rpm\nnginx-filesystem-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.noarch.rpm\n\nppc64le:\nnginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\nnginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm\n\ns390x:\nnginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\nnginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm\n\nx86_64:\nnginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\nnginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nnginx-1.16.1-2.module+el8.4.0+11155+68135136.1.src.rpm\n\naarch64:\nnginx-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\nnginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm\n\nnoarch:\nnginx-all-modules-1.16.1-2.module+el8.4.0+11155+68135136.1.noarch.rpm\nnginx-filesystem-1.16.1-2.module+el8.4.0+11155+68135136.1.noarch.rpm\n\nppc64le:\nnginx-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\nnginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm\n\ns390x:\nnginx-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\nnginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm\n\nx86_64:\nnginx-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\nnginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-23017\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYL9JUNzjgjWX9erEAQjSfA/9H4Lh2lGSkUcGMgFMdswHlGjLWsVw88oj\nE8RnhgJTjDvtRGf+9f6+l2idvZ8Yu9vqDeLMGIPA1DeL4qY1cf9ONQWAUgQTXfc3\nUbzeEL6xJJO8+3UWWj/QS8bamTAQ0AlcC8t6lY54bjsKpwJQbzqlKlCLDbtFHERj\nK8ya6dpSU2MBHaIZ0TAoM0I/rpfVrT4pzwJkmRuum5vGE/BDw2uykGCyV2MhcGfo\nSwhQBlsahaGGALWm6qX1sODtLgyM7o5ew006x0rmUnK36PoLyaR2J0dELDs+s/vd\nVgSzejuChb+OTauUvQ1r52DDojfzVxFwVkNjJ2N8nJnPOrHwLnYEfyFSVEcaO9MC\nwCFgEX1NSQ1k4O0kh/yADz19xPuhDN6uMUzDwg7X2rJJsWoaUEQlDWivM8J6D21R\nXFyOiA9AcIw3sU8TkBEhuNIaYnWlO4s9pF8ArEI7+Z6Npo5XHnYRktS3dK1Aa1A4\nEh4ziunoXJJqCX+1EveVIOSNCDPq/9CyU8iOCMZOQi67Id6Hhi1aRJ1UNw1oiR4k\n1X/I+oWRrl3BSEKVBPWNCN0qCV97bwjl6wW9+PXhIDMe5dSNIF5zZ7o7smbCl3ix\nOBRavPU6umfqzWre430GMfMsj1VFx8Sj6gU7WPTeGWBgPW4tCUzj5d+C8CW0llH9\n+wyUMMhwDBE=\n=GAHo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 General\nAvailability release images, which provide a security fix and update the\ncontainer images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains updates to one or more container images for Red Hat\nAdvanced Cluster Management for Kubernetes. \n\nContainer updates:\n\n* RHACM 2.1.11 images (BZ# 1999375)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThe following packages have been upgraded to a later upstream version:\nnginx (1.20.1)",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-23017"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "162819"
},
{
"db": "PACKETSTORM",
"id": "162835"
},
{
"db": "PACKETSTORM",
"id": "162851"
},
{
"db": "PACKETSTORM",
"id": "162992"
},
{
"db": "PACKETSTORM",
"id": "163013"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "165782"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-381503",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-23017",
"trust": 4.2
},
{
"db": "PACKETSTORM",
"id": "167720",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "163013",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162835",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165782",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162851",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164948",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162830",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163003",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "50973",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164523",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164282",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164562",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052543",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041931",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092811",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071833",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052901",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060212",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021100722",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012302",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052713",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060719",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060948",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021061520",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012747",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062209",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3878",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1850",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3485",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1936",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1802",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3211",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3430",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1861",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1817",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2027",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1973",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022070032",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162992",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162819",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162986",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-381503",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "162819"
},
{
"db": "PACKETSTORM",
"id": "162835"
},
{
"db": "PACKETSTORM",
"id": "162851"
},
{
"db": "PACKETSTORM",
"id": "162992"
},
{
"db": "PACKETSTORM",
"id": "163013"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "165782"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"id": "VAR-202106-1921",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T20:10:26.072000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0October\u00a02021 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
"trust": 0.8,
"url": "https://support.f5.com/csp/article/K12331123"
},
{
"title": "Nginx Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154683"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-193",
"trust": 1.1
},
{
"problemtype": "Boundary condition judgment (CWE-193) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/167720/nginx-1.20.0-denial-of-service.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210708-0006/"
},
{
"trust": 1.7,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k12331123%2c"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-23017"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k12331123"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052713"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163003/red-hat-security-advisory-2021-2278-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/nginx-buffer-overflow-via-dns-server-response-35526"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164282/red-hat-security-advisory-2021-3653-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6492205"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041931"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1802"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162851/ubuntu-security-notice-usn-4967-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060719"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3211"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164523/red-hat-security-advisory-2021-3873-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021100722"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3430"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022070032"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2027"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1850"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6483657"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162835/gentoo-linux-security-advisory-202105-38.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052901"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071833"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052543"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060948"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1817"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3878"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062209"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1973"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1936"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50973"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012302"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163013/red-hat-security-advisory-2021-2290-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092811"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3485"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021061520"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1861"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525030"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012747"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162830/nginx-1.20.0-dns-resolver-off-by-one-heap-write.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165782/red-hat-security-advisory-2022-0323-02.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060212"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-22922"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-22924"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-22923"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32626"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32687"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32675"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41099"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3653"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32627"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32672"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32628"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-4967-1"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k12331123,"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu8.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202105-38"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4967-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2290"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3711"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36385"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32804"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32804"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3711"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0323"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "162819"
},
{
"db": "PACKETSTORM",
"id": "162835"
},
{
"db": "PACKETSTORM",
"id": "162851"
},
{
"db": "PACKETSTORM",
"id": "162992"
},
{
"db": "PACKETSTORM",
"id": "163013"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "165782"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "162819"
},
{
"db": "PACKETSTORM",
"id": "162835"
},
{
"db": "PACKETSTORM",
"id": "162851"
},
{
"db": "PACKETSTORM",
"id": "162992"
},
{
"db": "PACKETSTORM",
"id": "163013"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "165782"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-01T00:00:00",
"db": "VULHUB",
"id": "VHN-381503"
},
{
"date": "2021-10-15T15:06:44",
"db": "PACKETSTORM",
"id": "164523"
},
{
"date": "2021-05-26T17:36:43",
"db": "PACKETSTORM",
"id": "162819"
},
{
"date": "2021-05-27T13:28:42",
"db": "PACKETSTORM",
"id": "162835"
},
{
"date": "2021-05-28T14:11:38",
"db": "PACKETSTORM",
"id": "162851"
},
{
"date": "2021-06-07T13:50:43",
"db": "PACKETSTORM",
"id": "162992"
},
{
"date": "2021-06-08T14:13:55",
"db": "PACKETSTORM",
"id": "163013"
},
{
"date": "2021-09-24T15:49:04",
"db": "PACKETSTORM",
"id": "164282"
},
{
"date": "2021-11-12T17:01:04",
"db": "PACKETSTORM",
"id": "164948"
},
{
"date": "2022-01-31T16:24:54",
"db": "PACKETSTORM",
"id": "165782"
},
{
"date": "2021-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"date": "2022-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"date": "2021-06-01T13:15:07.853000",
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-381503"
},
{
"date": "2022-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"date": "2022-02-18T01:21:00",
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"date": "2023-11-07T03:30:29.880000",
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "162819"
},
{
"db": "PACKETSTORM",
"id": "162835"
},
{
"db": "PACKETSTORM",
"id": "162851"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx\u00a0 Vulnerability in determining boundary conditions in resolver",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
}
],
"trust": 0.6
}
}
VAR-201811-0987
Vulnerability from variot - Updated: 2025-12-22 20:09nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. nginx Contains an information disclosure vulnerability.Information obtained and denial of service (DoS) May be in a state. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability is caused by the program not processing MP4 files correctly.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-nginx18-nginx security update Advisory ID: RHSA-2018:3652-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3652 Issue date: 2018-11-26 CVE Names: CVE-2018-16845 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
- nginx: Denial of service and memory disclosure via mp4 module (CVE-2018-16845)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Nginx project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16845 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW/viKdzjgjWX9erEAQjSFA/+IYlcY+VkhYOzot4cXoMumMPj0zcn6Iuk TwHfLvfooC8KsM5PK3acSmv2526KlfWn9xi8QJ8YMIoZVX8+LPPC7gOVxmwAyYOn 4uOumQy5rulkk03UB7r6y7u34Xy5mftCXTOouOipvhiW2Na6aZWiRen7ZWRBcMMW okYWY03xJU7/OQafttfP3UUVAYiw5adZ6gAflhZA8q8JzF0RhZXnliyt4kpZ1kLj 8fr6q+9WDVdiHe9u1j1wIXwQglkPnpab+kW1k4KZ3pdJMzFr9unZURHbyDsqbxlh T5rNTFtoLO9rgksSYtkuK0D6MvxVu7MzHMl/X0IsCnFwwAjH9xbqftqX5G26pQR6 L2UlnBNnes+NG357E81aHJus6ioRpjzSsfIrFoU9N0K9llnfbEslwEr239GzF6hH sMO5vap7/i2bmYQ7++jw9jfF67K2AtFvZCa/tYWlilkWOM12BkP2HvuYXCgmtb6F 99oHxB5TyDKPb44epIvzKV/YtvoeHT6beKRIefJ3xstrq8to0f87NZhTTbk5rYt0 HPf5vLjoZO6SYequmHzn++zoAZubU+oZ3fE05jcbrJSwQeMHWLPTtBoBkmQq+l5y rYTxun0/RvYql6bZD4uHAxKzTxyAvrKw0dW+/DGNanQiwkk+/RpPrYTdMhVw4a5a ZrQQucuvvOo= =LfBW -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212818.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0987",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.3"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.15"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.7"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.15.5"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.14.1"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.15.6"
},
{
"model": "enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.15.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.13.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.12.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.7.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.2.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.2.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.10"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.15.6"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.14.1"
}
],
"sources": [
{
"db": "BID",
"id": "105868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "150480"
},
{
"db": "PACKETSTORM",
"id": "150453"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "150458"
}
],
"trust": 0.4
},
"cve": "CVE-2018-16845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-16845",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-127245",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2018-16845",
"impactScore": 4.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2018-16845",
"impactScore": 4.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-16845",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16845",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2018-16845",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-16845",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-119",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-127245",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-16845",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127245"
},
{
"db": "VULMON",
"id": "CVE-2018-16845"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. nginx Contains an information disclosure vulnerability.Information obtained and denial of service (DoS) May be in a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability is caused by the program not processing MP4 files correctly. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2018:3652-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3652\nIssue date: 2018-11-26\nCVE Names: CVE-2018-16845 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: Denial of service and memory disclosure via mp4 module\n(CVE-2018-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the Nginx project for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/viKdzjgjWX9erEAQjSFA/+IYlcY+VkhYOzot4cXoMumMPj0zcn6Iuk\nTwHfLvfooC8KsM5PK3acSmv2526KlfWn9xi8QJ8YMIoZVX8+LPPC7gOVxmwAyYOn\n4uOumQy5rulkk03UB7r6y7u34Xy5mftCXTOouOipvhiW2Na6aZWiRen7ZWRBcMMW\nokYWY03xJU7/OQafttfP3UUVAYiw5adZ6gAflhZA8q8JzF0RhZXnliyt4kpZ1kLj\n8fr6q+9WDVdiHe9u1j1wIXwQglkPnpab+kW1k4KZ3pdJMzFr9unZURHbyDsqbxlh\nT5rNTFtoLO9rgksSYtkuK0D6MvxVu7MzHMl/X0IsCnFwwAjH9xbqftqX5G26pQR6\nL2UlnBNnes+NG357E81aHJus6ioRpjzSsfIrFoU9N0K9llnfbEslwEr239GzF6hH\nsMO5vap7/i2bmYQ7++jw9jfF67K2AtFvZCa/tYWlilkWOM12BkP2HvuYXCgmtb6F\n99oHxB5TyDKPb44epIvzKV/YtvoeHT6beKRIefJ3xstrq8to0f87NZhTTbk5rYt0\nHPf5vLjoZO6SYequmHzn++zoAZubU+oZ3fE05jcbrJSwQeMHWLPTtBoBkmQq+l5y\nrYTxun0/RvYql6bZD4uHAxKzTxyAvrKw0dW+/DGNanQiwkk+/RpPrYTdMhVw4a5a\nZrQQucuvvOo=\n=LfBW\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. Information about the\nsecurity content is also available at\nhttps://support.apple.com/HT212818. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16845"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "BID",
"id": "105868"
},
{
"db": "VULHUB",
"id": "VHN-127245"
},
{
"db": "VULMON",
"id": "CVE-2018-16845"
},
{
"db": "PACKETSTORM",
"id": "150253"
},
{
"db": "PACKETSTORM",
"id": "150480"
},
{
"db": "PACKETSTORM",
"id": "150453"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "150458"
},
{
"db": "PACKETSTORM",
"id": "164240"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16845",
"trust": 3.5
},
{
"db": "BID",
"id": "105868",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1042039",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164240",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3384",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3157",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0464",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0451",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042571",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "150453",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-127245",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-16845",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150253",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150480",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150481",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150458",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127245"
},
{
"db": "VULMON",
"id": "CVE-2018-16845"
},
{
"db": "BID",
"id": "105868"
},
{
"db": "PACKETSTORM",
"id": "150253"
},
{
"db": "PACKETSTORM",
"id": "150480"
},
{
"db": "PACKETSTORM",
"id": "150453"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "150458"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"id": "VAR-201811-0987",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-127245"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T20:09:14.737000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[SECURITY] [DLA 1572-1] nginx security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html"
},
{
"title": "DSA-4335",
"trust": 0.8,
"url": "https://www.debian.org/security/2018/dsa-4335"
},
{
"title": "Bug 1644508",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845"
},
{
"title": "RHSA-2018:3652",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2018:3652"
},
{
"title": "RHSA-2018:3653",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2018:3653"
},
{
"title": "RHSA-2018:3680",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2018:3680"
},
{
"title": "RHSA-2018:3681",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2018:3681"
},
{
"title": "USN-3812-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3812-1/"
},
{
"title": "(CVE-2018-16845)",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"
},
{
"title": "Nginx Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=86626"
},
{
"title": "Red Hat: Important: rh-nginx18-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183652 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx110-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183653 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx112-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183680 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx114-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183681 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3812-1"
},
{
"title": "Red Hat: CVE-2018-16845",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-16845"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347"
},
{
"title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u00e2\u20ac\u2122s dependencies \u00e2\u20ac\u201c Cumulative list from June 28, 2018 to December 13, 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61"
},
{
"title": "CVE-2018-16845",
"trust": 0.1,
"url": "https://github.com/T4t4ru/CVE-2018-16845 "
},
{
"title": "anitazhaochen.github.io",
"trust": 0.1,
"url": "https://github.com/anitazhaochen/anitazhaochen.github.io "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-16845"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-835",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127245"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845"
},
{
"trust": 2.0,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"
},
{
"trust": 2.0,
"url": "https://usn.ubuntu.com/3812-1/"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3652"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3653"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3680"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3681"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105868"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht212818"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2018/dsa-4335"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/sep/36"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1042039"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16845"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2018-16845"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2018-16843"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1489143"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0464/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3384/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75522"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212818"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042571"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-application-is-affected-by-nginx-vulnerabilities-cve-2018-16845-cve-2018-16843-cve-2019-7401/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-16844"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nginx"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212818."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127245"
},
{
"db": "BID",
"id": "105868"
},
{
"db": "PACKETSTORM",
"id": "150253"
},
{
"db": "PACKETSTORM",
"id": "150480"
},
{
"db": "PACKETSTORM",
"id": "150453"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "150458"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-127245"
},
{
"db": "VULMON",
"id": "CVE-2018-16845"
},
{
"db": "BID",
"id": "105868"
},
{
"db": "PACKETSTORM",
"id": "150253"
},
{
"db": "PACKETSTORM",
"id": "150480"
},
{
"db": "PACKETSTORM",
"id": "150453"
},
{
"db": "PACKETSTORM",
"id": "150481"
},
{
"db": "PACKETSTORM",
"id": "150458"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-127245"
},
{
"date": "2018-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16845"
},
{
"date": "2018-11-06T00:00:00",
"db": "BID",
"id": "105868"
},
{
"date": "2018-11-12T16:57:53",
"db": "PACKETSTORM",
"id": "150253"
},
{
"date": "2018-11-27T17:24:35",
"db": "PACKETSTORM",
"id": "150480"
},
{
"date": "2018-11-26T04:44:44",
"db": "PACKETSTORM",
"id": "150453"
},
{
"date": "2018-11-27T17:24:48",
"db": "PACKETSTORM",
"id": "150481"
},
{
"date": "2018-11-26T10:02:22",
"db": "PACKETSTORM",
"id": "150458"
},
{
"date": "2021-09-22T16:28:58",
"db": "PACKETSTORM",
"id": "164240"
},
{
"date": "2018-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-119"
},
{
"date": "2019-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"date": "2018-11-07T14:29:00.883000",
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-127245"
},
{
"date": "2022-02-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16845"
},
{
"date": "2018-11-06T00:00:00",
"db": "BID",
"id": "105868"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-119"
},
{
"date": "2019-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014189"
},
{
"date": "2024-11-21T03:53:25.953000",
"db": "NVD",
"id": "CVE-2018-16845"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Information Disclosure Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014189"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "memory leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-119"
}
],
"trust": 0.6
}
}
VAR-200911-0398
Vulnerability from variot - Updated: 2025-12-22 20:09The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) The protocol includes renegotiation A vulnerability exists in the function. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Is a protocol that provides functions such as communication encryption and authentication. SSL and TLS The protocol includes renegotiation There are vulnerabilities due to functionality.A third party that can relay communication between the user and the server can insert arbitrary data at the beginning of the communication data under specific conditions. As a result, the attacker inserted HTTP The request may be sent to the server.
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number (CVE-2010-0731).
The updated packages have been patched to correct these issues. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information.
Additionally the NSPR package has been upgraded to 4.8.4 that brings numerous upstream fixes.
This update provides the latest versions of NSS and NSPR libraries and for which NSS is not vulnerable to this attack. ----------------------------------------------------------------------
http://secunia.com/research/
http://secunia.com/company/jobs/open_positions/reverse_engineer
TITLE: Oracle Application Server Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44293
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44293
RELEASE DATE: 2011-04-24
DISCUSS ADVISORY: http://secunia.com/advisories/44293/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44293/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44293
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data.
1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data.
For more information see vulnerability #1: SA37291
2) An unspecified error in the Oracle HTTP Server component can be exploited to manipulate certain data.
3) An error exists in the Midtier Infrastructure of the Portal component and can be exploited to manipulate certain data.
For more information see vulnerability #3: SA44246
4) An unspecified error in the Single Sign On component can be exploited by authenticated users to manipulate certain data. * Oracle Application Server 10g Release 3 version 10.1.3.5.0.
SOLUTION: Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2010:084 http://www.mandriva.com/security/
Package : java-1.6.0-openjdk Date : April 28, 2010 Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
Problem Description:
Multiple Java OpenJDK security vulnerabilities has been identified and fixed:
- TLS: MITM attacks via session renegotiation (CVE-2009-3555).
- Loader-constraint table allows arrays instead of only the b ase-classes (CVE-2010-0082).
- Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084).
- File TOCTOU deserialization vulnerability (CVE-2010-0085).
- Inflater/Deflater clone issues (CVE-2010-0088).
- Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091).
- AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092).
- System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093).
- Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094).
- Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095).
- JAR unpack200 must verify input parameters (CVE-2010-0837).
- CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838).
- Applet Trusted Methods Chaining Privilege Escalation Vulner ability (CVE-2010-0840).
- No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845)
- ImagingLib arbitrary code execution vulnerability (CVE-2010-0847).
- AWT Library Invalid Index Vulnerability (CVE-2010-0848).
Additional security issues that was fixed with IcedTea6 1.6.2: - deprecate MD2 in SSL cert validation (CVE-2009-2409). - ICC_Profile file existence detection information leak (CVE-2009-3728). - JRE AWT setDifflCM stack overflow (CVE-2009-3869). - JRE AWT setBytePixels heap overflow (CVE-2009-3871). - JPEG Image Writer quantization problem (CVE-2009-3873). - ImageI/O JPEG heap overflow (CVE-2009-3874). - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875). - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877) - GraphicsConfiguration information leak (CVE-2009-3879). - UI logging information leakage (CVE-2009-3880). - resurrected classloaders can still have children (CVE-2009-3881). - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). - Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883). - zoneinfo file existence information leak (CVE-2009-3884). - BMP parsing DoS with UNC ICC links (CVE-2009-3885).
Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages:
- plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474.
Packages for 2009.0 are provided due to the Extended Maintenance Program.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3885 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938 http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073
Updated Packages:
Mandriva Linux 2009.0: 37c14ebea4b3ceccbecba4ffea2630a6 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 3f7ba1d78aaf5f1ca56e86fcb48e7192 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 12963efa8b4ea6691ba68f4e72e81e5d 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 6387d4381c518c5658701c114c5fcb9d 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.i586.rpm f90d2a22c10b6eb30aedef13207d346c 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 01e62b54974a3d1b5232de0baa196e41 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 630941e679a033285ddf5cb3e4c1d092 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm 6330c6dda9cf7c59a90f529bceeee17b 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm c7d708c5f14d710a6bdcc352bb18a55a 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm edf4b1d8efeb157bb0f19b4c4cc55935 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm ac9f8227297249940b1845f3ad95165f 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm d1ed0ce1155c85c423d0cbe47eadfa5b 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm
Mandriva Linux 2009.1: 304bc2cab18b29781bfac69d4927ddce 2009.1/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 77f0d2e2b2c04288a5aae608a2f73f1a 2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 7ff7542b4328fd978725f8e0b02590d9 2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 3d1bf214209ea3aef86b58962e80901e 2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.i586.rpm f52cf5f8d3f85b98da246963d583f6bc 2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 87b2fd7ac9883e624e71faa993559e78 2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64: 883105d4347bb0864c7c73e4f0865066 2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm ac44d41806625e0be7a55ff30bf1f0e7 2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 67db7247fbf1b5be5391f33603b9148c 2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 0b6e7a93df49306976453daf29a29d96 2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 67e679d7aa4545a968889dcbb1a3fa8e 2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 4042e3ae7e3b2dbdcba0e73aadd219d5 2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm
Mandriva Linux 2010.0: f3c1bb7b091d5889a856edf93e066367 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 7f717091a34f98e9547c698bf08065f5 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 21b8532c934559100b0dbc498ba3c52e 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 8711fdef27cce9af73191903f85dbcd6 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 1905269f878bb1c6367dedc6797f6914 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.i586.rpm c5f53d24770de6704f00fdf34c87a703 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.i586.rpm b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 100203d38e76348f262d69d2cae8a7ba 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm f155019a4a22d7bf7265c67024dcbc33 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 8eaf304d6eb93212d1045adc301de385 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 2e2082bd89db22cf5fa4be2ebaceb71c 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 3e7a1849db88a8b8ddcdf30441edfcb7 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm fbc9da5e2080972f6f8c01f23e86890f 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm
Mandriva Enterprise Server 5: 742a7a6dcc82962a132eadb91a2b1736 mes5/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 3acd32ccd1fee71f07ccb4b038434ffd mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm c3358ac84dbc950752655fee46fd5e4b mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm a30ef6b33fd9ba1403ab46ef9643efdb mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 534f95a18c4798ec80cdfe47bd1148a8 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm e79e4bd9462096222f5b07d681b3d418 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64: 180566f92a5564c747c716ecdf082c8f mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 5e05d90fe32dfce7b15db7d9e5604227 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 09506c689ed0265023861e006fbcb624 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm c9ff4a3a4695c56b13268d76c355cfbe mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 0a70a54c2eed68e723cbc65de63bfbff mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 166c980a8479cd915f3507070c25508e mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFL1/vUmqjQ0CJFipgRAlcyAJ9+2v53cztdo8nXoixp0vg0IuQjrACbB/vW +oOtru3I2iYRjlx04fi7wMw= =rIwa -----END PGP SIGNATURE----- . HP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. HP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier.
The latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport
HP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201301-01
http://security.gentoo.org/
Severity: High Title: Mozilla Products: Multiple vulnerabilities Date: January 08, 2013 Bugs: #180159, #181361, #207261, #238535, #246602, #251322, #255221, #255234, #255687, #257577, #260062, #261386, #262704, #267234, #273918, #277752, #280226, #280234, #280393, #282549, #284439, #286721, #290892, #292034, #297532, #305689, #307045, #311021, #312361, #312645, #312651, #312675, #312679, #312763, #313003, #324735, #326341, #329279, #336396, #341821, #342847, #348316, #357057, #360055, #360315, #365323, #373595, #379549, #381245, #388045, #390771, #395431, #401701, #403183, #404437, #408161, #413657, #419917, #427224, #433383, #437780, #439586, #439960, #444318 ID: 201301-01
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.
Background
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla's Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 10.0.11 >= 10.0.11 2 www-client/firefox-bin < 10.0.11 >= 10.0.11 3 mail-client/thunderbird < 10.0.11 >= 10.0.11 4 mail-client/thunderbird-bin < 10.0.11 >= 10.0.11 5 www-client/seamonkey < 2.14-r1 >= 2.14-r1 6 www-client/seamonkey-bin < 2.14 >= 2.14 7 dev-libs/nss < 3.14 >= 3.14 8 www-client/mozilla-firefox <= 3.6.8 Vulnerable! 9 www-client/mozilla-firefox-bin <= 3.5.6 Vulnerable! 10 mail-client/mozilla-thunderbird <= 3.0.4-r1 Vulnerable! 11 mail-client/mozilla-thunderbird-bin <= 3.0 Vulnerable! 12 www-client/icecat <= 10.0-r1 Vulnerable! 13 net-libs/xulrunner <= 2.0-r1 Vulnerable! 14 net-libs/xulrunner-bin <= 1.8.1.19 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 14 affected packages
Description
Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL's for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact.
A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
All users of the Mozilla Firefox binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
All users of the Mozilla Thunderbird binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
All Mozilla SeaMonkey users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"
All users of the Mozilla SeaMonkey binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"
All NSS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"
The "www-client/mozilla-firefox" package has been merged into the "www-client/firefox" package. To upgrade, please unmerge "www-client/mozilla-firefox" and then emerge the latest "www-client/firefox" package:
# emerge --sync # emerge --unmerge "www-client/mozilla-firefox" # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
The "www-client/mozilla-firefox-bin" package has been merged into the "www-client/firefox-bin" package. To upgrade, please unmerge "www-client/mozilla-firefox-bin" and then emerge the latest "www-client/firefox-bin" package:
# emerge --sync # emerge --unmerge "www-client/mozilla-firefox-bin" # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
The "mail-client/mozilla-thunderbird" package has been merged into the "mail-client/thunderbird" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird" and then emerge the latest "mail-client/thunderbird" package:
# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird" # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
The "mail-client/mozilla-thunderbird-bin" package has been merged into the "mail-client/thunderbird-bin" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird-bin" and then emerge the latest "mail-client/thunderbird-bin" package:
# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird-bin" # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat:
# emerge --unmerge "www-client/icecat"
Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner"
Gentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner-bin"
References
[ 1 ] CVE-2011-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101 [ 2 ] CVE-2007-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436 [ 3 ] CVE-2007-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437 [ 4 ] CVE-2007-2671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671 [ 5 ] CVE-2007-3073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073 [ 6 ] CVE-2008-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016 [ 7 ] CVE-2008-0017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017 [ 8 ] CVE-2008-0367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367 [ 9 ] CVE-2008-3835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835 [ 10 ] CVE-2008-3836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836 [ 11 ] CVE-2008-3837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837 [ 12 ] CVE-2008-4058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058 [ 13 ] CVE-2008-4059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059 [ 14 ] CVE-2008-4060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060 [ 15 ] CVE-2008-4061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061 [ 16 ] CVE-2008-4062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062 [ 17 ] CVE-2008-4063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063 [ 18 ] CVE-2008-4064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064 [ 19 ] CVE-2008-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065 [ 20 ] CVE-2008-4066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066 [ 21 ] CVE-2008-4067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067 [ 22 ] CVE-2008-4068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068 [ 23 ] CVE-2008-4069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069 [ 24 ] CVE-2008-4070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070 [ 25 ] CVE-2008-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582 [ 26 ] CVE-2008-5012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012 [ 27 ] CVE-2008-5013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013 [ 28 ] CVE-2008-5014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014 [ 29 ] CVE-2008-5015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015 [ 30 ] CVE-2008-5016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016 [ 31 ] CVE-2008-5017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017 [ 32 ] CVE-2008-5018 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018 [ 33 ] CVE-2008-5019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019 [ 34 ] CVE-2008-5021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021 [ 35 ] CVE-2008-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022 [ 36 ] CVE-2008-5023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023 [ 37 ] CVE-2008-5024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024 [ 38 ] CVE-2008-5052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052 [ 39 ] CVE-2008-5500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500 [ 40 ] CVE-2008-5501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501 [ 41 ] CVE-2008-5502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502 [ 42 ] CVE-2008-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503 [ 43 ] CVE-2008-5504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504 [ 44 ] CVE-2008-5505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505 [ 45 ] CVE-2008-5506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506 [ 46 ] CVE-2008-5507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507 [ 47 ] CVE-2008-5508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508 [ 48 ] CVE-2008-5510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510 [ 49 ] CVE-2008-5511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511 [ 50 ] CVE-2008-5512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512 [ 51 ] CVE-2008-5513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513 [ 52 ] CVE-2008-5822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822 [ 53 ] CVE-2008-5913 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913 [ 54 ] CVE-2008-6961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961 [ 55 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 56 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 57 ] CVE-2009-0352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352 [ 58 ] CVE-2009-0353 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353 [ 59 ] CVE-2009-0354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354 [ 60 ] CVE-2009-0355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355 [ 61 ] CVE-2009-0356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356 [ 62 ] CVE-2009-0357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357 [ 63 ] CVE-2009-0358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358 [ 64 ] CVE-2009-0652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652 [ 65 ] CVE-2009-0771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771 [ 66 ] CVE-2009-0772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772 [ 67 ] CVE-2009-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773 [ 68 ] CVE-2009-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774 [ 69 ] CVE-2009-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775 [ 70 ] CVE-2009-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776 [ 71 ] CVE-2009-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777 [ 72 ] CVE-2009-1044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044 [ 73 ] CVE-2009-1169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169 [ 74 ] CVE-2009-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302 [ 75 ] CVE-2009-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303 [ 76 ] CVE-2009-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304 [ 77 ] CVE-2009-1305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305 [ 78 ] CVE-2009-1306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306 [ 79 ] CVE-2009-1307 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307 [ 80 ] CVE-2009-1308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308 [ 81 ] CVE-2009-1309 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309 [ 82 ] CVE-2009-1310 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310 [ 83 ] CVE-2009-1311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311 [ 84 ] CVE-2009-1312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312 [ 85 ] CVE-2009-1313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313 [ 86 ] CVE-2009-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392 [ 87 ] CVE-2009-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563 [ 88 ] CVE-2009-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571 [ 89 ] CVE-2009-1828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828 [ 90 ] CVE-2009-1832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832 [ 91 ] CVE-2009-1833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833 [ 92 ] CVE-2009-1834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834 [ 93 ] CVE-2009-1835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835 [ 94 ] CVE-2009-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836 [ 95 ] CVE-2009-1837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837 [ 96 ] CVE-2009-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838 [ 97 ] CVE-2009-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839 [ 98 ] CVE-2009-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840 [ 99 ] CVE-2009-1841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841 [ 100 ] CVE-2009-2043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043 [ 101 ] CVE-2009-2044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044 [ 102 ] CVE-2009-2061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061 [ 103 ] CVE-2009-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065 [ 104 ] CVE-2009-2210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210 [ 105 ] CVE-2009-2404 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404 [ 106 ] CVE-2009-2408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408 [ 107 ] CVE-2009-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462 [ 108 ] CVE-2009-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463 [ 109 ] CVE-2009-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464 [ 110 ] CVE-2009-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465 [ 111 ] CVE-2009-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466 [ 112 ] CVE-2009-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467 [ 113 ] CVE-2009-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469 [ 114 ] CVE-2009-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470 [ 115 ] CVE-2009-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471 [ 116 ] CVE-2009-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472 [ 117 ] CVE-2009-2477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477 [ 118 ] CVE-2009-2478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478 [ 119 ] CVE-2009-2479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479 [ 120 ] CVE-2009-2535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535 [ 121 ] CVE-2009-2654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654 [ 122 ] CVE-2009-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662 [ 123 ] CVE-2009-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664 [ 124 ] CVE-2009-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665 [ 125 ] CVE-2009-3069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069 [ 126 ] CVE-2009-3070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070 [ 127 ] CVE-2009-3071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071 [ 128 ] CVE-2009-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072 [ 129 ] CVE-2009-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074 [ 130 ] CVE-2009-3075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075 [ 131 ] CVE-2009-3076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076 [ 132 ] CVE-2009-3077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077 [ 133 ] CVE-2009-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078 [ 134 ] CVE-2009-3079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079 [ 135 ] CVE-2009-3274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274 [ 136 ] CVE-2009-3371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371 [ 137 ] CVE-2009-3372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372 [ 138 ] CVE-2009-3373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373 [ 139 ] CVE-2009-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374 [ 140 ] CVE-2009-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375 [ 141 ] CVE-2009-3376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376 [ 142 ] CVE-2009-3377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377 [ 143 ] CVE-2009-3378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378 [ 144 ] CVE-2009-3379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379 [ 145 ] CVE-2009-3380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380 [ 146 ] CVE-2009-3381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381 [ 147 ] CVE-2009-3382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382 [ 148 ] CVE-2009-3383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383 [ 149 ] CVE-2009-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388 [ 150 ] CVE-2009-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389 [ 151 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 152 ] CVE-2009-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978 [ 153 ] CVE-2009-3979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979 [ 154 ] CVE-2009-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980 [ 155 ] CVE-2009-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981 [ 156 ] CVE-2009-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982 [ 157 ] CVE-2009-3983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983 [ 158 ] CVE-2009-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984 [ 159 ] CVE-2009-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985 [ 160 ] CVE-2009-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986 [ 161 ] CVE-2009-3987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987 [ 162 ] CVE-2009-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988 [ 163 ] CVE-2010-0159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159 [ 164 ] CVE-2010-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160 [ 165 ] CVE-2010-0162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162 [ 166 ] CVE-2010-0163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163 [ 167 ] CVE-2010-0164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164 [ 168 ] CVE-2010-0165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165 [ 169 ] CVE-2010-0166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166 [ 170 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 171 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 172 ] CVE-2010-0168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168 [ 173 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 174 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 175 ] CVE-2010-0170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170 [ 176 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 177 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 178 ] CVE-2010-0172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172 [ 179 ] CVE-2010-0173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173 [ 180 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 181 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 182 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 183 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 184 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 185 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 186 ] CVE-2010-0177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177 [ 187 ] CVE-2010-0178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178 [ 188 ] CVE-2010-0179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179 [ 189 ] CVE-2010-0181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181 [ 190 ] CVE-2010-0182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182 [ 191 ] CVE-2010-0183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183 [ 192 ] CVE-2010-0220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220 [ 193 ] CVE-2010-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648 [ 194 ] CVE-2010-0654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654 [ 195 ] CVE-2010-1028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028 [ 196 ] CVE-2010-1121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121 [ 197 ] CVE-2010-1125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125 [ 198 ] CVE-2010-1196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196 [ 199 ] CVE-2010-1197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197 [ 200 ] CVE-2010-1198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198 [ 201 ] CVE-2010-1199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199 [ 202 ] CVE-2010-1200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200 [ 203 ] CVE-2010-1201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201 [ 204 ] CVE-2010-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202 [ 205 ] CVE-2010-1203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203 [ 206 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 207 ] CVE-2010-1206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206 [ 208 ] CVE-2010-1207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207 [ 209 ] CVE-2010-1208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208 [ 210 ] CVE-2010-1209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209 [ 211 ] CVE-2010-1210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210 [ 212 ] CVE-2010-1211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211 [ 213 ] CVE-2010-1212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212 [ 214 ] CVE-2010-1213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213 [ 215 ] CVE-2010-1214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214 [ 216 ] CVE-2010-1215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215 [ 217 ] CVE-2010-1585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585 [ 218 ] CVE-2010-2751 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751 [ 219 ] CVE-2010-2752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752 [ 220 ] CVE-2010-2753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753 [ 221 ] CVE-2010-2754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754 [ 222 ] CVE-2010-2755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755 [ 223 ] CVE-2010-2760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760 [ 224 ] CVE-2010-2762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762 [ 225 ] CVE-2010-2763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763 [ 226 ] CVE-2010-2764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764 [ 227 ] CVE-2010-2765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765 [ 228 ] CVE-2010-2766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766 [ 229 ] CVE-2010-2767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767 [ 230 ] CVE-2010-2768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768 [ 231 ] CVE-2010-2769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769 [ 232 ] CVE-2010-2770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770 [ 233 ] CVE-2010-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131 [ 234 ] CVE-2010-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166 [ 235 ] CVE-2010-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167 [ 236 ] CVE-2010-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168 [ 237 ] CVE-2010-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169 [ 238 ] CVE-2010-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170 [ 239 ] CVE-2010-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171 [ 240 ] CVE-2010-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173 [ 241 ] CVE-2010-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174 [ 242 ] CVE-2010-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175 [ 243 ] CVE-2010-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176 [ 244 ] CVE-2010-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177 [ 245 ] CVE-2010-3178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178 [ 246 ] CVE-2010-3179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179 [ 247 ] CVE-2010-3180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180 [ 248 ] CVE-2010-3182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182 [ 249 ] CVE-2010-3183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183 [ 250 ] CVE-2010-3399 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399 [ 251 ] CVE-2010-3400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400 [ 252 ] CVE-2010-3765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765 [ 253 ] CVE-2010-3766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766 [ 254 ] CVE-2010-3767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767 [ 255 ] CVE-2010-3768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768 [ 256 ] CVE-2010-3769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769 [ 257 ] CVE-2010-3770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770 [ 258 ] CVE-2010-3771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771 [ 259 ] CVE-2010-3772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772 [ 260 ] CVE-2010-3773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773 [ 261 ] CVE-2010-3774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774 [ 262 ] CVE-2010-3775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775 [ 263 ] CVE-2010-3776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776 [ 264 ] CVE-2010-3777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777 [ 265 ] CVE-2010-3778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778 [ 266 ] CVE-2010-4508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508 [ 267 ] CVE-2010-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074 [ 268 ] CVE-2011-0051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051 [ 269 ] CVE-2011-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053 [ 270 ] CVE-2011-0054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054 [ 271 ] CVE-2011-0055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055 [ 272 ] CVE-2011-0056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056 [ 273 ] CVE-2011-0057 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057 [ 274 ] CVE-2011-0058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058 [ 275 ] CVE-2011-0059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059 [ 276 ] CVE-2011-0061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061 [ 277 ] CVE-2011-0062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062 [ 278 ] CVE-2011-0065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065 [ 279 ] CVE-2011-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066 [ 280 ] CVE-2011-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067 [ 281 ] CVE-2011-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068 [ 282 ] CVE-2011-0069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069 [ 283 ] CVE-2011-0070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070 [ 284 ] CVE-2011-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071 [ 285 ] CVE-2011-0072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072 [ 286 ] CVE-2011-0073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073 [ 287 ] CVE-2011-0074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074 [ 288 ] CVE-2011-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075 [ 289 ] CVE-2011-0076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076 [ 290 ] CVE-2011-0077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077 [ 291 ] CVE-2011-0078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078 [ 292 ] CVE-2011-0079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079 [ 293 ] CVE-2011-0080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080 [ 294 ] CVE-2011-0081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081 [ 295 ] CVE-2011-0082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082 [ 296 ] CVE-2011-0083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083 [ 297 ] CVE-2011-0084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084 [ 298 ] CVE-2011-0085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085 [ 299 ] CVE-2011-1187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187 [ 300 ] CVE-2011-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202 [ 301 ] CVE-2011-1712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712 [ 302 ] CVE-2011-2362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362 [ 303 ] CVE-2011-2363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363 [ 304 ] CVE-2011-2364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364 [ 305 ] CVE-2011-2365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365 [ 306 ] CVE-2011-2369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369 [ 307 ] CVE-2011-2370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370 [ 308 ] CVE-2011-2371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371 [ 309 ] CVE-2011-2372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372 [ 310 ] CVE-2011-2373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373 [ 311 ] CVE-2011-2374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374 [ 312 ] CVE-2011-2375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375 [ 313 ] CVE-2011-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376 [ 314 ] CVE-2011-2377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377 [ 315 ] CVE-2011-2378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378 [ 316 ] CVE-2011-2605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605 [ 317 ] CVE-2011-2980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980 [ 318 ] CVE-2011-2981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981 [ 319 ] CVE-2011-2982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982 [ 320 ] CVE-2011-2983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983 [ 321 ] CVE-2011-2984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984 [ 322 ] CVE-2011-2985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985 [ 323 ] CVE-2011-2986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986 [ 324 ] CVE-2011-2987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987 [ 325 ] CVE-2011-2988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988 [ 326 ] CVE-2011-2989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989 [ 327 ] CVE-2011-2990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990 [ 328 ] CVE-2011-2991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991 [ 329 ] CVE-2011-2993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993 [ 330 ] CVE-2011-2995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995 [ 331 ] CVE-2011-2996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996 [ 332 ] CVE-2011-2997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997 [ 333 ] CVE-2011-2998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998 [ 334 ] CVE-2011-2999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999 [ 335 ] CVE-2011-3000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000 [ 336 ] CVE-2011-3001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001 [ 337 ] CVE-2011-3002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002 [ 338 ] CVE-2011-3003 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003 [ 339 ] CVE-2011-3004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004 [ 340 ] CVE-2011-3005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005 [ 341 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026 [ 342 ] CVE-2011-3062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062 [ 343 ] CVE-2011-3232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232 [ 344 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 345 ] CVE-2011-3640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640 [ 346 ] CVE-2011-3647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647 [ 347 ] CVE-2011-3648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648 [ 348 ] CVE-2011-3649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649 [ 349 ] CVE-2011-3650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650 [ 350 ] CVE-2011-3651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651 [ 351 ] CVE-2011-3652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652 [ 352 ] CVE-2011-3653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653 [ 353 ] CVE-2011-3654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654 [ 354 ] CVE-2011-3655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655 [ 355 ] CVE-2011-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658 [ 356 ] CVE-2011-3659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659 [ 357 ] CVE-2011-3660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660 [ 358 ] CVE-2011-3661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661 [ 359 ] CVE-2011-3663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663 [ 360 ] CVE-2011-3665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665 [ 361 ] CVE-2011-3670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670 [ 362 ] CVE-2011-3866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866 [ 363 ] CVE-2011-4688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688 [ 364 ] CVE-2012-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441 [ 365 ] CVE-2012-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442 [ 366 ] CVE-2012-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443 [ 367 ] CVE-2012-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444 [ 368 ] CVE-2012-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445 [ 369 ] CVE-2012-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446 [ 370 ] CVE-2012-0447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447 [ 371 ] CVE-2012-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449 [ 372 ] CVE-2012-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450 [ 373 ] CVE-2012-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451 [ 374 ] CVE-2012-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452 [ 375 ] CVE-2012-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455 [ 376 ] CVE-2012-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456 [ 377 ] CVE-2012-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457 [ 378 ] CVE-2012-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458 [ 379 ] CVE-2012-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459 [ 380 ] CVE-2012-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460 [ 381 ] CVE-2012-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461 [ 382 ] CVE-2012-0462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462 [ 383 ] CVE-2012-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463 [ 384 ] CVE-2012-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464 [ 385 ] CVE-2012-0467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467 [ 386 ] CVE-2012-0468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468 [ 387 ] CVE-2012-0469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469 [ 388 ] CVE-2012-0470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470 [ 389 ] CVE-2012-0471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471 [ 390 ] CVE-2012-0473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473 [ 391 ] CVE-2012-0474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474 [ 392 ] CVE-2012-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475 [ 393 ] CVE-2012-0477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477 [ 394 ] CVE-2012-0478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478 [ 395 ] CVE-2012-0479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479 [ 396 ] CVE-2012-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937 [ 397 ] CVE-2012-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938 [ 398 ] CVE-2012-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939 [ 399 ] CVE-2012-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940 [ 400 ] CVE-2012-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941 [ 401 ] CVE-2012-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945 [ 402 ] CVE-2012-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946 [ 403 ] CVE-2012-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947 [ 404 ] CVE-2012-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948 [ 405 ] CVE-2012-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949 [ 406 ] CVE-2012-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950 [ 407 ] CVE-2012-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951 [ 408 ] CVE-2012-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952 [ 409 ] CVE-2012-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953 [ 410 ] CVE-2012-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954 [ 411 ] CVE-2012-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955 [ 412 ] CVE-2012-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956 [ 413 ] CVE-2012-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957 [ 414 ] CVE-2012-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958 [ 415 ] CVE-2012-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959 [ 416 ] CVE-2012-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960 [ 417 ] CVE-2012-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961 [ 418 ] CVE-2012-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962 [ 419 ] CVE-2012-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963 [ 420 ] CVE-2012-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964 [ 421 ] CVE-2012-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965 [ 422 ] CVE-2012-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966 [ 423 ] CVE-2012-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967 [ 424 ] CVE-2012-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970 [ 425 ] CVE-2012-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971 [ 426 ] CVE-2012-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972 [ 427 ] CVE-2012-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973 [ 428 ] CVE-2012-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974 [ 429 ] CVE-2012-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975 [ 430 ] CVE-2012-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976 [ 431 ] CVE-2012-1994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994 [ 432 ] CVE-2012-3956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956 [ 433 ] CVE-2012-3957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957 [ 434 ] CVE-2012-3958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958 [ 435 ] CVE-2012-3959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959 [ 436 ] CVE-2012-3960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960 [ 437 ] CVE-2012-3961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961 [ 438 ] CVE-2012-3962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962 [ 439 ] CVE-2012-3963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963 [ 440 ] CVE-2012-3964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964 [ 441 ] CVE-2012-3965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965 [ 442 ] CVE-2012-3966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966 [ 443 ] CVE-2012-3967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967 [ 444 ] CVE-2012-3968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968 [ 445 ] CVE-2012-3969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969 [ 446 ] CVE-2012-3970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970 [ 447 ] CVE-2012-3971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971 [ 448 ] CVE-2012-3972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972 [ 449 ] CVE-2012-3973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973 [ 450 ] CVE-2012-3975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975 [ 451 ] CVE-2012-3976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976 [ 452 ] CVE-2012-3977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977 [ 453 ] CVE-2012-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978 [ 454 ] CVE-2012-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980 [ 455 ] CVE-2012-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982 [ 456 ] CVE-2012-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984 [ 457 ] CVE-2012-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985 [ 458 ] CVE-2012-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986 [ 459 ] CVE-2012-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988 [ 460 ] CVE-2012-3989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989 [ 461 ] CVE-2012-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990 [ 462 ] CVE-2012-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991 [ 463 ] CVE-2012-3992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992 [ 464 ] CVE-2012-3993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993 [ 465 ] CVE-2012-3994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994 [ 466 ] CVE-2012-3995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995 [ 467 ] CVE-2012-4179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179 [ 468 ] CVE-2012-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180 [ 469 ] CVE-2012-4181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181 [ 470 ] CVE-2012-4182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182 [ 471 ] CVE-2012-4183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183 [ 472 ] CVE-2012-4184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184 [ 473 ] CVE-2012-4185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185 [ 474 ] CVE-2012-4186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186 [ 475 ] CVE-2012-4187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187 [ 476 ] CVE-2012-4188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188 [ 477 ] CVE-2012-4190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190 [ 478 ] CVE-2012-4191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191 [ 479 ] CVE-2012-4192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192 [ 480 ] CVE-2012-4193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193 [ 481 ] CVE-2012-4194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194 [ 482 ] CVE-2012-4195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195 [ 483 ] CVE-2012-4196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196 [ 484 ] CVE-2012-4201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201 [ 485 ] CVE-2012-4202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202 [ 486 ] CVE-2012-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204 [ 487 ] CVE-2012-4205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205 [ 488 ] CVE-2012-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206 [ 489 ] CVE-2012-4207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207 [ 490 ] CVE-2012-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208 [ 491 ] CVE-2012-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209 [ 492 ] CVE-2012-4210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210 [ 493 ] CVE-2012-4212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212 [ 494 ] CVE-2012-4215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215 [ 495 ] CVE-2012-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216 [ 496 ] CVE-2012-5354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354 [ 497 ] CVE-2012-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829 [ 498 ] CVE-2012-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830 [ 499 ] CVE-2012-5833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833 [ 500 ] CVE-2012-5835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835 [ 501 ] CVE-2012-5836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836 [ 502 ] CVE-2012-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838 [ 503 ] CVE-2012-5839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839 [ 504 ] CVE-2012-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840 [ 505 ] CVE-2012-5841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841 [ 506 ] CVE-2012-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842 [ 507 ] CVE-2012-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843 [ 508 ] Firefox Blocking Fraudulent Certificates
http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c= ertificates/ [ 509 ] Mozilla Foundation Security Advisory 2011-11 http://www.mozilla.org/security/announce/2011/mfsa2011-11.html [ 510 ] Mozilla Foundation Security Advisory 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Background
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. All 1.5 JRE versions are masked and will be removed shortly. All 1.5 JDK versions are marked as "build-only" and will be masked for removal shortly. Users are advised to change their default user and system Java implementation to an unaffected version. For example:
# java-config --set-system-vm sun-jdk-1.6
For more information, please consult the Gentoo Linux Java documentation. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
For the old stable distribution (lenny), this problem has been fixed in version 6b18-1.8.3-2~lenny1.
Note that this update introduces an OpenJDK package based on the IcedTea release 1.8.3 into the old stable distribution. This addresses several dozen security vulnerabilities, most of which are only exploitable by malicious mobile code. A notable exception is CVE-2009-3555, the TLS renegotiation vulnerability. This update implements the protocol extension described in RFC 5746, addressing this issue.
This update also includes a new version of Hotspot, the Java virtual machine, which increases the default heap size on machines with several GB of RAM. If you run several JVMs on the same machine, you might have to reduce the heap size by specifying a suitable -Xmx argument in the invocation of the "java" command. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Release Date: 2010-09-15 Last Updated: 2010-09-15
Potential Security Impact: Remote cross site scripting (XSS), HTTP response splitting, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), HTTP response splitting, Denial of Service (DoS), information disclosure, and data modification.
References: CVE-2010-3010 XSS
CVE-2010-3011 HTTP response splitting
CVE-2010-2068 Apache
CVE-2009-4143 PHP
CVE-2009-4018 PHP
CVE-2009-4017 PHP
CVE-2009-3555 SSL
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage for Linux (x86) prior to v6.2 HP System Management Homepage for Linux (AMD64/EM64T) prior to v6.2 HP System Management Homepage for Windows prior to v6.2
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-3010 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-3011 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2010-2068 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2009-4143 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-4018 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-4017 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided HP System Management Homepage v6.2 or subsequent to resolve the vulnerabilities.
HP System Management Homepage v6.2 or subsequent for Linux (x86), Linux (AMD64/EM64T), and Windows can be downloaded from the following link.
http://www.hp.com/servers/manage/smh
PRODUCT SPECIFIC INFORMATION None
HISTORY Version:1 (rev.1) - 15 September 2010 Initial Release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkyQ1mwACgkQ4B86/C0qfVnXFQCglbMn0B+FmCZvloAoXci/cEpU ceEAoNPOhpE7qN8Ckcf3HDXsfRydveyw =mQKh -----END PGP SIGNATURE----- . OpenSSL Security Advisory [11-Nov-2009] =======================================
A potentially serious flaw in SSL and TLS has been worked around in OpenSSL 0.9.8l.
Since many changes had occurred on the 0.9.8 branch without a public release it was decided to release 0.9.8l based on the last publicly tested release version 0.9.8k.
Man-in-the-middle Renegotiation Attack
A man-in-the-middle (MitM) can intercept an SSL connection and instead make his own connection to the server. He can then send arbitrary data and trigger a renegotiation using the client's original connection data.
From the server's point of view the client simply connected, sent data, renegotiated and continued.
From the client's point of view he connects to the server normally. There is no indication at the SSL level that the attack occurred. There may be indications at the level of the protocol layered on top of SSL, for example, unexpected or pipelined responses.
This attack can also be performed when the server requests a renegotiation - in this variant, the MitM would wait for the server's renegotiation request and at that point replay the clients original connection data.
Once the original client connection data has been replayed, the MitM can no longer inject data, nor can he read the traffic over the SSL connection in either direction. Because of the nature of the attack, this is only an effective defence when deployed on servers.
Servers that need renegotiation to function correctly obviously cannot deploy this fix without breakage.
Severity
Because of the enormous difficulty of analysing every possible attack on every protocol that is layered on SSL, the OpenSSL Team classify this as a severe issue and recommend that everyone who does not rely on renegotiation deploy 0.9.8l as soon as possible.
History
A small number of people knew about the problem in advance under NDA and a comprehensive fix was being developed. Unfortunately the issue was independently discovered and the details made public so a less than ideal brute force emergency fix had to be developed and released.
Future Plans
A TLS extension has been defined which will cryptographically bind the session before renegotiation to the session after.
Because renegotiation is, in practice, rarely used we will not be rushing the production of 0.9.8m, but will instead test interoperability with other implementations, and ensure the stability of the other fixes before release.
Acknowledgements
Thanks to Marsh Ray, who discovered the issue, and Steve Dispensa of PhoneFactor. Also thanks to ICASI who managed the early coordination of this issue.
References
CVE-2009-3555: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
TLS extension: https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
URL for this Security Advisory: https://www.openssl.org/news/secadv_20091111.txt
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200911-0398",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "5.0"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.22"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "4.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "11"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "14"
},
{
"model": "nss",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.4"
},
{
"model": "gnutls",
"scope": "lte",
"trust": 1.0,
"vendor": "gnu",
"version": "2.8.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8k"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "13"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.14"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "barracuda",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnutls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "2.2.15"
},
{
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "2.3.6"
},
{
"model": "db2",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "9.1 fp9"
},
{
"model": "db2",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "9.5 fp6a"
},
{
"model": "db2",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "9.7 fp2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.0.47.x"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "sdk,",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "sdk,",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "1.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "firefox",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.5.9"
},
{
"model": "firefox",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.6.2"
},
{
"model": "seamonkey",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "thunderbird",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"model": "openoffice.org",
"scope": "eq",
"trust": 0.8,
"vendor": "openoffice",
"version": "2.x"
},
{
"model": "openoffice.org",
"scope": "lt",
"trust": 0.8,
"vendor": "openoffice",
"version": "3.2.1"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.8l"
},
{
"model": "proftpd",
"scope": "lt",
"trust": 0.8,
"vendor": "proftpd",
"version": "1.3.2c"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "3.0.3"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "virtualcenter",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "2.5"
},
{
"model": "vsphere update manager",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "1.0"
},
{
"model": "vsphere update manager",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "vsphere update manager",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.3"
},
{
"model": "opensolaris",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "server 10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "server 10.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "server 10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "server 10.2.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "server 11.1.0.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "server 11.2.0.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "server 11.2.0.2"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.0 mp2"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.0.2"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.2.3"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.3.5"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.4.0.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.4.3"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.3.2"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.3.3"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.1.2.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.1.3.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "7.0 sp7"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1 sp6"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.6"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2 mp3"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.3"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.4"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "sap sybase adaptive server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "sybase",
"version": null
},
{
"model": "jdk",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "5.0 update 25"
},
{
"model": "jdk",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "6 update 21"
},
{
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.2_27"
},
{
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "5.0 update 25"
},
{
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "6 update 21"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "(sparc)"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "(x86)"
},
{
"model": "sdk",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.2_27"
},
{
"model": "glassfish enterprise server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "v2.1.1"
},
{
"model": "java enterprise system",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2005q4"
},
{
"model": "java enterprise system",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "5"
},
{
"model": "java system application server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8.0"
},
{
"model": "java system application server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8.1"
},
{
"model": "java system application server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8.2"
},
{
"model": "java system web proxy server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "4.0 - 4.0.12"
},
{
"model": "java system web server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "6.1"
},
{
"model": "java system web server",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2.0"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0 (x64)"
},
{
"model": "turbolinux client",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2008"
},
{
"model": "turbolinux fuji",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "( extended maintenance )"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10 ( extended maintenance )"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10 (x64) ( extended maintenance )"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"model": "hp systems insight manager",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "7.0"
},
{
"model": "hp virtual connect",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "8gb 24 port fiber channel module 3.00 (vc ( virtual connect ) 4.40 )"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"model": "hpe matrix operating environment",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hpe systems insight manager",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "director",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "intelligencecenter",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "packetshaper",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "proxyav",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "proxyclient",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "reporter",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "proxysg",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "sgos",
"scope": "eq",
"trust": 0.8,
"vendor": "blue coat",
"version": "4"
},
{
"model": "sgos",
"scope": "eq",
"trust": 0.8,
"vendor": "blue coat",
"version": "5"
},
{
"model": "sgos",
"scope": "eq",
"trust": 0.8,
"vendor": "blue coat",
"version": "6"
},
{
"model": "windows 2000",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows 7",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x32)"
},
{
"model": "windows 7",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64)"
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(itanium)"
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64)"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(itanium)"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64)"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x86)"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2(itanium)"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "r2(x64)"
},
{
"model": "windows vista",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows vista",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64)"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64)"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.4.z (server)"
},
{
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 extras"
},
{
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 extras"
},
{
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.7.z extras"
},
{
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8.z extras"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "rhel desktop supplementary",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "rhel desktop supplementary",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "rhel supplementary",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "rhel supplementary eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.2.z (server)"
},
{
"model": "rhel supplementary eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.3.z (server)"
},
{
"model": "rhel supplementary eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.4.z (server)"
},
{
"model": "csview",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "websam assetsuite",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise version 6"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "cosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "cosminexus developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- standard edition version 4"
},
{
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- web edition version 4"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- standard edition version 4"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- web edition version 4"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- security enhancement"
},
{
"model": "processing kit for xml",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard"
},
{
"model": "ucosminexus client",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard"
},
{
"model": "ucosminexus operator",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus portal framework",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "entry set"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "architect"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform"
},
{
"model": "hp virtual connect",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "hpe matrix operating environment",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
"version": null
},
{
"model": "hpe systems insight manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
"version": null
},
{
"model": "hitachi web server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002319"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:db2",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:java_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:websphere_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:firefox",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:seamonkey",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:thunderbird",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:openoffice:openoffice.org",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:proftpd:proftpd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:esx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:vcenter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:virtualcenter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:update_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:opensolaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sybase:adaptive_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sun:jdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sun:jre",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:opensolaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sun:sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sun:glassfish_enterprise_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sun:java_enterprise_system",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sun:java_system_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sun:java_system_web_proxy_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sun:java_system_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:systems_insight_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:virtual_connect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:matrix_operating_environment",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:systems_insight_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:bluecoat:director",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:bluecoat:intelligencecenter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:bluecoat:packetshaper",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:bluecoat:proxyav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bluecoat:proxyclient",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bluecoat:reporter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:bluecoat:proxysg",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:bluecoat:sgos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_2000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2003",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2008",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_vista",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_xp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_hpc_node",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:enterprise_linux_hpc_node_supplementary",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:rhel_supplementary",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:rhel_supplementary_eus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:csview",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:websam_assetsuite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:hitachi_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002319"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandriva",
"sources": [
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "88167"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "88698"
}
],
"trust": 0.4
},
"cve": "CVE-2009-3555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-3555",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-3555",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2011-001632",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-41001",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3555",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3555",
"trust": 0.8,
"value": "0"
},
{
"author": "NVD",
"id": "CVE-2009-3555",
"trust": 0.8,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2011-001632",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-41001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002319"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) The protocol includes renegotiation A vulnerability exists in the function. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Is a protocol that provides functions such as communication encryption and authentication. SSL and TLS The protocol includes renegotiation There are vulnerabilities due to functionality.A third party that can relay communication between the user and the server can insert arbitrary data at the beginning of the communication data under specific conditions. As a result, the attacker inserted HTTP The request may be sent to the server. \n \n The gnutls_x509_crt_get_serial function in the GnuTLS library before\n 1.2.1, when running on big-endian, 64-bit platforms, calls the\n asn1_read_value with a pointer to the wrong data type and the wrong\n length value, which allows remote attackers to bypass the certificate\n revocation list (CRL) check and cause a stack-based buffer overflow\n via a crafted X.509 certificate, related to extraction of a serial\n number (CVE-2010-0731). \n \n The updated packages have been patched to correct these issues. \n - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. \n \n Additionally the NSPR package has been upgraded to 4.8.4 that brings\n numerous upstream fixes. \n \n This update provides the latest versions of NSS and NSPR libraries\n and for which NSS is not vulnerable to this attack. ----------------------------------------------------------------------\n\n\nhttp://secunia.com/research/\n\nhttp://secunia.com/company/jobs/open_positions/reverse_engineer\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOracle Application Server Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44293\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44293/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293\n\nRELEASE DATE:\n2011-04-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44293/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44293/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Oracle Application\nServer, which can be exploited by malicious users and people to\nmanipulate certain data. \n\n1) An error exists in the C Oracle SSL API of the Oracle Security\nService component and can be exploited to manipulate certain data. \n\nFor more information see vulnerability #1:\nSA37291\n\n2) An unspecified error in the Oracle HTTP Server component can be\nexploited to manipulate certain data. \n\n3) An error exists in the Midtier Infrastructure of the Portal\ncomponent and can be exploited to manipulate certain data. \n\nFor more information see vulnerability #3:\nSA44246\n\n4) An unspecified error in the Single Sign On component can be\nexploited by authenticated users to manipulate certain data. \n* Oracle Application Server 10g Release 3 version 10.1.3.5.0. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nIt is currently unclear who reported these vulnerabilities as the\nOracle Critical Patch Update for April 2011 only provides a bundled\nlist of credits. This section will be updated when/if the original\nreporter provides more information. \n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2010:084\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : java-1.6.0-openjdk\n Date : April 28, 2010\n Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple Java OpenJDK security vulnerabilities has been identified\n and fixed:\n \n - TLS: MITM attacks via session renegotiation (CVE-2009-3555). \n - Loader-constraint table allows arrays instead of only the b\n ase-classes (CVE-2010-0082). \n - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084). \n - File TOCTOU deserialization vulnerability (CVE-2010-0085). \n - Inflater/Deflater clone issues (CVE-2010-0088). \n - Unsigned applet can retrieve the dragged information before drop\n action occurs (CVE-2010-0091). \n - AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error\n (CVE-2010-0092). \n - System.arraycopy unable to reference elements beyond\n Integer.MAX_VALUE bytes (CVE-2010-0093). \n - Deserialization of RMIConnectionImpl objects should enforce stricter\n checks (CVE-2010-0094). \n - Subclasses of InetAddress may incorrectly interpret network addresses\n (CVE-2010-0095). \n - JAR unpack200 must verify input parameters (CVE-2010-0837). \n - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838). \n - Applet Trusted Methods Chaining Privilege Escalation Vulner ability\n (CVE-2010-0840). \n - No ClassCastException for HashAttributeSet constructors if run with\n -Xcomp (CVE-2010-0845)\n - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847). \n - AWT Library Invalid Index Vulnerability (CVE-2010-0848). \n \n Additional security issues that was fixed with IcedTea6 1.6.2:\n - deprecate MD2 in SSL cert validation (CVE-2009-2409). \n - ICC_Profile file existence detection information leak\n (CVE-2009-3728). \n - JRE AWT setDifflCM stack overflow (CVE-2009-3869). \n - JRE AWT setBytePixels heap overflow (CVE-2009-3871). \n - JPEG Image Writer quantization problem (CVE-2009-3873). \n - ImageI/O JPEG heap overflow (CVE-2009-3874). \n - MessageDigest.isEqual introduces timing attack vulnerabilities\n (CVE-2009-3875). \n - OpenJDK ASN.1/DER input stream parser denial of service\n (CVE-2009-3876, CVE-2009-3877)\n - GraphicsConfiguration information leak (CVE-2009-3879). \n - UI logging information leakage (CVE-2009-3880). \n - resurrected classloaders can still have children (CVE-2009-3881). \n - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). \n - Mutable statics in Windows PL\u0026F (findbugs) (CVE-2009-3883). \n - zoneinfo file existence information leak (CVE-2009-3884). \n - BMP parsing DoS with UNC ICC links (CVE-2009-3885). \n \n Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found\n and fixed a bug in IcedTea6 1.8 that is also applied to the provided\n packages:\n \n * plugin/icedteanp/IcedTeaNPPlugin.cc\n (plugin_filter_environment): Increment malloc size by one to\n account for\n NULL terminator. Bug# 474. \n \n Packages for 2009.0 are provided due to the Extended Maintenance\n Program. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3885\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848\n http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938\n http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html\n http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n 37c14ebea4b3ceccbecba4ffea2630a6 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 3f7ba1d78aaf5f1ca56e86fcb48e7192 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 12963efa8b4ea6691ba68f4e72e81e5d 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 6387d4381c518c5658701c114c5fcb9d 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n f90d2a22c10b6eb30aedef13207d346c 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 01e62b54974a3d1b5232de0baa196e41 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.i586.rpm \n 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 630941e679a033285ddf5cb3e4c1d092 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n 6330c6dda9cf7c59a90f529bceeee17b 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n c7d708c5f14d710a6bdcc352bb18a55a 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n edf4b1d8efeb157bb0f19b4c4cc55935 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n ac9f8227297249940b1845f3ad95165f 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n d1ed0ce1155c85c423d0cbe47eadfa5b 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm \n 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n 304bc2cab18b29781bfac69d4927ddce 2009.1/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 77f0d2e2b2c04288a5aae608a2f73f1a 2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 7ff7542b4328fd978725f8e0b02590d9 2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 3d1bf214209ea3aef86b58962e80901e 2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n f52cf5f8d3f85b98da246963d583f6bc 2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 87b2fd7ac9883e624e71faa993559e78 2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.i586.rpm \n 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n 883105d4347bb0864c7c73e4f0865066 2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n ac44d41806625e0be7a55ff30bf1f0e7 2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 67db7247fbf1b5be5391f33603b9148c 2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 0b6e7a93df49306976453daf29a29d96 2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 67e679d7aa4545a968889dcbb1a3fa8e 2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 4042e3ae7e3b2dbdcba0e73aadd219d5 2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm \n 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n f3c1bb7b091d5889a856edf93e066367 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 7f717091a34f98e9547c698bf08065f5 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 21b8532c934559100b0dbc498ba3c52e 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 8711fdef27cce9af73191903f85dbcd6 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 1905269f878bb1c6367dedc6797f6914 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n c5f53d24770de6704f00fdf34c87a703 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.i586.rpm \n b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 100203d38e76348f262d69d2cae8a7ba 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n f155019a4a22d7bf7265c67024dcbc33 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 8eaf304d6eb93212d1045adc301de385 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 2e2082bd89db22cf5fa4be2ebaceb71c 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 3e7a1849db88a8b8ddcdf30441edfcb7 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n fbc9da5e2080972f6f8c01f23e86890f 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm \n b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm\n\n Mandriva Enterprise Server 5:\n 742a7a6dcc82962a132eadb91a2b1736 mes5/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n 3acd32ccd1fee71f07ccb4b038434ffd mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n c3358ac84dbc950752655fee46fd5e4b mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n a30ef6b33fd9ba1403ab46ef9643efdb mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n 534f95a18c4798ec80cdfe47bd1148a8 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n e79e4bd9462096222f5b07d681b3d418 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm \n 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 180566f92a5564c747c716ecdf082c8f mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 5e05d90fe32dfce7b15db7d9e5604227 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 09506c689ed0265023861e006fbcb624 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n c9ff4a3a4695c56b13268d76c355cfbe mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 0a70a54c2eed68e723cbc65de63bfbff mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 166c980a8479cd915f3507070c25508e mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm \n 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFL1/vUmqjQ0CJFipgRAlcyAJ9+2v53cztdo8nXoixp0vg0IuQjrACbB/vW\n+oOtru3I2iYRjlx04fi7wMw=\n=rIwa\n-----END PGP SIGNATURE-----\n. \nHP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. \nHP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier. \n\nThe latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport\n\nHP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201301-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Mozilla Products: Multiple vulnerabilities\n Date: January 08, 2013\n Bugs: #180159, #181361, #207261, #238535, #246602, #251322,\n #255221, #255234, #255687, #257577, #260062, #261386,\n #262704, #267234, #273918, #277752, #280226, #280234,\n #280393, #282549, #284439, #286721, #290892, #292034,\n #297532, #305689, #307045, #311021, #312361, #312645,\n #312651, #312675, #312679, #312763, #313003, #324735,\n #326341, #329279, #336396, #341821, #342847, #348316,\n #357057, #360055, #360315, #365323, #373595, #379549,\n #381245, #388045, #390771, #395431, #401701, #403183,\n #404437, #408161, #413657, #419917, #427224, #433383,\n #437780, #439586, #439960, #444318\n ID: 201301-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which\nmay allow execution of arbitrary code or local privilege escalation. \n\nBackground\n==========\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird\nan open-source email client, both from the Mozilla Project. The\nSeaMonkey project is a community effort to deliver production-quality\nreleases of code derived from the application formerly known as the\n\u0027Mozilla Application Suite\u0027. XULRunner is a Mozilla runtime package\nthat can be used to bootstrap XUL+XPCOM applications such as Firefox\nand Thunderbird. NSS is Mozilla\u0027s Network Security Services library\nthat implements PKI support. IceCat is the GNU version of Firefox. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/firefox \u003c 10.0.11 \u003e= 10.0.11\n 2 www-client/firefox-bin \u003c 10.0.11 \u003e= 10.0.11\n 3 mail-client/thunderbird \u003c 10.0.11 \u003e= 10.0.11\n 4 mail-client/thunderbird-bin\n \u003c 10.0.11 \u003e= 10.0.11\n 5 www-client/seamonkey \u003c 2.14-r1 \u003e= 2.14-r1\n 6 www-client/seamonkey-bin\n \u003c 2.14 \u003e= 2.14\n 7 dev-libs/nss \u003c 3.14 \u003e= 3.14\n 8 www-client/mozilla-firefox\n \u003c= 3.6.8 Vulnerable!\n 9 www-client/mozilla-firefox-bin\n \u003c= 3.5.6 Vulnerable!\n 10 mail-client/mozilla-thunderbird\n \u003c= 3.0.4-r1 Vulnerable!\n 11 mail-client/mozilla-thunderbird-bin\n \u003c= 3.0 Vulnerable!\n 12 www-client/icecat \u003c= 10.0-r1 Vulnerable!\n 13 net-libs/xulrunner \u003c= 2.0-r1 Vulnerable!\n 14 net-libs/xulrunner-bin \u003c= 1.8.1.19 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n 14 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could entice a user to view a specially crafted web\npage or email, possibly resulting in execution of arbitrary code or a\nDenial of Service condition. Furthermore, a remote attacker may be able\nto perform Man-in-the-Middle attacks, obtain sensitive information,\nbypass restrictions and protection mechanisms, force file downloads,\nconduct XML injection attacks, conduct XSS attacks, bypass the Same\nOrigin Policy, spoof URL\u0027s for phishing attacks, trigger a vertical\nscroll, spoof the location bar, spoof an SSL indicator, modify the\nbrowser\u0027s font, conduct clickjacking attacks, or have other unspecified\nimpact. \n\nA local attacker could gain escalated privileges, obtain sensitive\ninformation, or replace an arbitrary downloaded file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nAll users of the Mozilla Firefox binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nAll users of the Mozilla Thunderbird binary package should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-2.14-r1\"\n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-bin-2.14\"\n\nAll NSS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.14\"\n\nThe \"www-client/mozilla-firefox\" package has been merged into the\n\"www-client/firefox\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox\" and then emerge the latest\n\"www-client/firefox\" package:\n\n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nThe \"www-client/mozilla-firefox-bin\" package has been merged into the\n\"www-client/firefox-bin\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox-bin\" and then emerge the latest\n\"www-client/firefox-bin\" package:\n\n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nThe \"mail-client/mozilla-thunderbird\" package has been merged into the\n\"mail-client/thunderbird\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird\" and then emerge the latest\n\"mail-client/thunderbird\" package:\n\n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nThe \"mail-client/mozilla-thunderbird-bin\" package has been merged into\nthe \"mail-client/thunderbird-bin\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird-bin\" and then emerge the latest\n\"mail-client/thunderbird-bin\" package:\n\n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nGentoo discontinued support for GNU IceCat. We recommend that users\nunmerge GNU IceCat:\n\n # emerge --unmerge \"www-client/icecat\"\n\nGentoo discontinued support for XULRunner. We recommend that users\nunmerge XULRunner:\n\n # emerge --unmerge \"net-libs/xulrunner\"\n\nGentoo discontinued support for the XULRunner binary package. We\nrecommend that users unmerge XULRunner:\n\n # emerge --unmerge \"net-libs/xulrunner-bin\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-3101\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101\n[ 2 ] CVE-2007-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436\n[ 3 ] CVE-2007-2437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437\n[ 4 ] CVE-2007-2671\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671\n[ 5 ] CVE-2007-3073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073\n[ 6 ] CVE-2008-0016\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016\n[ 7 ] CVE-2008-0017\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017\n[ 8 ] CVE-2008-0367\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367\n[ 9 ] CVE-2008-3835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835\n[ 10 ] CVE-2008-3836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836\n[ 11 ] CVE-2008-3837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837\n[ 12 ] CVE-2008-4058\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058\n[ 13 ] CVE-2008-4059\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059\n[ 14 ] CVE-2008-4060\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060\n[ 15 ] CVE-2008-4061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061\n[ 16 ] CVE-2008-4062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062\n[ 17 ] CVE-2008-4063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063\n[ 18 ] CVE-2008-4064\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064\n[ 19 ] CVE-2008-4065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065\n[ 20 ] CVE-2008-4066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066\n[ 21 ] CVE-2008-4067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067\n[ 22 ] CVE-2008-4068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068\n[ 23 ] CVE-2008-4069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069\n[ 24 ] CVE-2008-4070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070\n[ 25 ] CVE-2008-4582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582\n[ 26 ] CVE-2008-5012\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012\n[ 27 ] CVE-2008-5013\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013\n[ 28 ] CVE-2008-5014\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014\n[ 29 ] CVE-2008-5015\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015\n[ 30 ] CVE-2008-5016\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016\n[ 31 ] CVE-2008-5017\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017\n[ 32 ] CVE-2008-5018\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018\n[ 33 ] CVE-2008-5019\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019\n[ 34 ] CVE-2008-5021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021\n[ 35 ] CVE-2008-5022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022\n[ 36 ] CVE-2008-5023\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023\n[ 37 ] CVE-2008-5024\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024\n[ 38 ] CVE-2008-5052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052\n[ 39 ] CVE-2008-5500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500\n[ 40 ] CVE-2008-5501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501\n[ 41 ] CVE-2008-5502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502\n[ 42 ] CVE-2008-5503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503\n[ 43 ] CVE-2008-5504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504\n[ 44 ] CVE-2008-5505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505\n[ 45 ] CVE-2008-5506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506\n[ 46 ] CVE-2008-5507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507\n[ 47 ] CVE-2008-5508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508\n[ 48 ] CVE-2008-5510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510\n[ 49 ] CVE-2008-5511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511\n[ 50 ] CVE-2008-5512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512\n[ 51 ] CVE-2008-5513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513\n[ 52 ] CVE-2008-5822\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822\n[ 53 ] CVE-2008-5913\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913\n[ 54 ] CVE-2008-6961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961\n[ 55 ] CVE-2009-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[ 56 ] CVE-2009-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[ 57 ] CVE-2009-0352\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352\n[ 58 ] CVE-2009-0353\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353\n[ 59 ] CVE-2009-0354\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354\n[ 60 ] CVE-2009-0355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355\n[ 61 ] CVE-2009-0356\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356\n[ 62 ] CVE-2009-0357\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357\n[ 63 ] CVE-2009-0358\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358\n[ 64 ] CVE-2009-0652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652\n[ 65 ] CVE-2009-0771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771\n[ 66 ] CVE-2009-0772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772\n[ 67 ] CVE-2009-0773\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773\n[ 68 ] CVE-2009-0774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774\n[ 69 ] CVE-2009-0775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775\n[ 70 ] CVE-2009-0776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776\n[ 71 ] CVE-2009-0777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777\n[ 72 ] CVE-2009-1044\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044\n[ 73 ] CVE-2009-1169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169\n[ 74 ] CVE-2009-1302\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302\n[ 75 ] CVE-2009-1303\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303\n[ 76 ] CVE-2009-1304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304\n[ 77 ] CVE-2009-1305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305\n[ 78 ] CVE-2009-1306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306\n[ 79 ] CVE-2009-1307\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307\n[ 80 ] CVE-2009-1308\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308\n[ 81 ] CVE-2009-1309\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309\n[ 82 ] CVE-2009-1310\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310\n[ 83 ] CVE-2009-1311\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311\n[ 84 ] CVE-2009-1312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312\n[ 85 ] CVE-2009-1313\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313\n[ 86 ] CVE-2009-1392\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392\n[ 87 ] CVE-2009-1563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563\n[ 88 ] CVE-2009-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571\n[ 89 ] CVE-2009-1828\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828\n[ 90 ] CVE-2009-1832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832\n[ 91 ] CVE-2009-1833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833\n[ 92 ] CVE-2009-1834\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834\n[ 93 ] CVE-2009-1835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835\n[ 94 ] CVE-2009-1836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836\n[ 95 ] CVE-2009-1837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837\n[ 96 ] CVE-2009-1838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838\n[ 97 ] CVE-2009-1839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839\n[ 98 ] CVE-2009-1840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840\n[ 99 ] CVE-2009-1841\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841\n[ 100 ] CVE-2009-2043\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043\n[ 101 ] CVE-2009-2044\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044\n[ 102 ] CVE-2009-2061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061\n[ 103 ] CVE-2009-2065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065\n[ 104 ] CVE-2009-2210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210\n[ 105 ] CVE-2009-2404\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404\n[ 106 ] CVE-2009-2408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408\n[ 107 ] CVE-2009-2462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462\n[ 108 ] CVE-2009-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463\n[ 109 ] CVE-2009-2464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464\n[ 110 ] CVE-2009-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465\n[ 111 ] CVE-2009-2466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466\n[ 112 ] CVE-2009-2467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467\n[ 113 ] CVE-2009-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469\n[ 114 ] CVE-2009-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470\n[ 115 ] CVE-2009-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471\n[ 116 ] CVE-2009-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472\n[ 117 ] CVE-2009-2477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477\n[ 118 ] CVE-2009-2478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478\n[ 119 ] CVE-2009-2479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479\n[ 120 ] CVE-2009-2535\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535\n[ 121 ] CVE-2009-2654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654\n[ 122 ] CVE-2009-2662\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662\n[ 123 ] CVE-2009-2664\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664\n[ 124 ] CVE-2009-2665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665\n[ 125 ] CVE-2009-3069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069\n[ 126 ] CVE-2009-3070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070\n[ 127 ] CVE-2009-3071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071\n[ 128 ] CVE-2009-3072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072\n[ 129 ] CVE-2009-3074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074\n[ 130 ] CVE-2009-3075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075\n[ 131 ] CVE-2009-3076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076\n[ 132 ] CVE-2009-3077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077\n[ 133 ] CVE-2009-3078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078\n[ 134 ] CVE-2009-3079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079\n[ 135 ] CVE-2009-3274\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274\n[ 136 ] CVE-2009-3371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371\n[ 137 ] CVE-2009-3372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372\n[ 138 ] CVE-2009-3373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373\n[ 139 ] CVE-2009-3374\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374\n[ 140 ] CVE-2009-3375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375\n[ 141 ] CVE-2009-3376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376\n[ 142 ] CVE-2009-3377\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377\n[ 143 ] CVE-2009-3378\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378\n[ 144 ] CVE-2009-3379\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379\n[ 145 ] CVE-2009-3380\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380\n[ 146 ] CVE-2009-3381\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381\n[ 147 ] CVE-2009-3382\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382\n[ 148 ] CVE-2009-3383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383\n[ 149 ] CVE-2009-3388\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388\n[ 150 ] CVE-2009-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389\n[ 151 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 152 ] CVE-2009-3978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978\n[ 153 ] CVE-2009-3979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979\n[ 154 ] CVE-2009-3980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980\n[ 155 ] CVE-2009-3981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981\n[ 156 ] CVE-2009-3982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982\n[ 157 ] CVE-2009-3983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983\n[ 158 ] CVE-2009-3984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984\n[ 159 ] CVE-2009-3985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985\n[ 160 ] CVE-2009-3986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986\n[ 161 ] CVE-2009-3987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987\n[ 162 ] CVE-2009-3988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988\n[ 163 ] CVE-2010-0159\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159\n[ 164 ] CVE-2010-0160\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160\n[ 165 ] CVE-2010-0162\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162\n[ 166 ] CVE-2010-0163\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163\n[ 167 ] CVE-2010-0164\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164\n[ 168 ] CVE-2010-0165\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165\n[ 169 ] CVE-2010-0166\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166\n[ 170 ] CVE-2010-0167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 171 ] CVE-2010-0167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 172 ] CVE-2010-0168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168\n[ 173 ] CVE-2010-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 174 ] CVE-2010-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 175 ] CVE-2010-0170\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170\n[ 176 ] CVE-2010-0171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 177 ] CVE-2010-0171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 178 ] CVE-2010-0172\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172\n[ 179 ] CVE-2010-0173\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173\n[ 180 ] CVE-2010-0174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 181 ] CVE-2010-0174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 182 ] CVE-2010-0175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 183 ] CVE-2010-0175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 184 ] CVE-2010-0176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 185 ] CVE-2010-0176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 186 ] CVE-2010-0177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177\n[ 187 ] CVE-2010-0178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178\n[ 188 ] CVE-2010-0179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179\n[ 189 ] CVE-2010-0181\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181\n[ 190 ] CVE-2010-0182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182\n[ 191 ] CVE-2010-0183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183\n[ 192 ] CVE-2010-0220\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220\n[ 193 ] CVE-2010-0648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648\n[ 194 ] CVE-2010-0654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654\n[ 195 ] CVE-2010-1028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028\n[ 196 ] CVE-2010-1121\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121\n[ 197 ] CVE-2010-1125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125\n[ 198 ] CVE-2010-1196\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196\n[ 199 ] CVE-2010-1197\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197\n[ 200 ] CVE-2010-1198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198\n[ 201 ] CVE-2010-1199\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199\n[ 202 ] CVE-2010-1200\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200\n[ 203 ] CVE-2010-1201\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201\n[ 204 ] CVE-2010-1202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202\n[ 205 ] CVE-2010-1203\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203\n[ 206 ] CVE-2010-1205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205\n[ 207 ] CVE-2010-1206\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206\n[ 208 ] CVE-2010-1207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207\n[ 209 ] CVE-2010-1208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208\n[ 210 ] CVE-2010-1209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209\n[ 211 ] CVE-2010-1210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210\n[ 212 ] CVE-2010-1211\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211\n[ 213 ] CVE-2010-1212\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212\n[ 214 ] CVE-2010-1213\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213\n[ 215 ] CVE-2010-1214\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214\n[ 216 ] CVE-2010-1215\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215\n[ 217 ] CVE-2010-1585\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585\n[ 218 ] CVE-2010-2751\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751\n[ 219 ] CVE-2010-2752\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752\n[ 220 ] CVE-2010-2753\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753\n[ 221 ] CVE-2010-2754\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754\n[ 222 ] CVE-2010-2755\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755\n[ 223 ] CVE-2010-2760\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760\n[ 224 ] CVE-2010-2762\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762\n[ 225 ] CVE-2010-2763\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763\n[ 226 ] CVE-2010-2764\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764\n[ 227 ] CVE-2010-2765\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765\n[ 228 ] CVE-2010-2766\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766\n[ 229 ] CVE-2010-2767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767\n[ 230 ] CVE-2010-2768\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768\n[ 231 ] CVE-2010-2769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769\n[ 232 ] CVE-2010-2770\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770\n[ 233 ] CVE-2010-3131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131\n[ 234 ] CVE-2010-3166\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166\n[ 235 ] CVE-2010-3167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167\n[ 236 ] CVE-2010-3168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168\n[ 237 ] CVE-2010-3169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169\n[ 238 ] CVE-2010-3170\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170\n[ 239 ] CVE-2010-3171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171\n[ 240 ] CVE-2010-3173\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173\n[ 241 ] CVE-2010-3174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174\n[ 242 ] CVE-2010-3175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175\n[ 243 ] CVE-2010-3176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176\n[ 244 ] CVE-2010-3177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177\n[ 245 ] CVE-2010-3178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178\n[ 246 ] CVE-2010-3179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179\n[ 247 ] CVE-2010-3180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180\n[ 248 ] CVE-2010-3182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182\n[ 249 ] CVE-2010-3183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183\n[ 250 ] CVE-2010-3399\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399\n[ 251 ] CVE-2010-3400\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400\n[ 252 ] CVE-2010-3765\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765\n[ 253 ] CVE-2010-3766\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766\n[ 254 ] CVE-2010-3767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767\n[ 255 ] CVE-2010-3768\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768\n[ 256 ] CVE-2010-3769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769\n[ 257 ] CVE-2010-3770\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770\n[ 258 ] CVE-2010-3771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771\n[ 259 ] CVE-2010-3772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772\n[ 260 ] CVE-2010-3773\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773\n[ 261 ] CVE-2010-3774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774\n[ 262 ] CVE-2010-3775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775\n[ 263 ] CVE-2010-3776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776\n[ 264 ] CVE-2010-3777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777\n[ 265 ] CVE-2010-3778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778\n[ 266 ] CVE-2010-4508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508\n[ 267 ] CVE-2010-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074\n[ 268 ] CVE-2011-0051\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051\n[ 269 ] CVE-2011-0053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053\n[ 270 ] CVE-2011-0054\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054\n[ 271 ] CVE-2011-0055\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055\n[ 272 ] CVE-2011-0056\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056\n[ 273 ] CVE-2011-0057\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057\n[ 274 ] CVE-2011-0058\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058\n[ 275 ] CVE-2011-0059\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059\n[ 276 ] CVE-2011-0061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061\n[ 277 ] CVE-2011-0062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062\n[ 278 ] CVE-2011-0065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065\n[ 279 ] CVE-2011-0066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066\n[ 280 ] CVE-2011-0067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067\n[ 281 ] CVE-2011-0068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068\n[ 282 ] CVE-2011-0069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069\n[ 283 ] CVE-2011-0070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070\n[ 284 ] CVE-2011-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071\n[ 285 ] CVE-2011-0072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072\n[ 286 ] CVE-2011-0073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073\n[ 287 ] CVE-2011-0074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074\n[ 288 ] CVE-2011-0075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075\n[ 289 ] CVE-2011-0076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076\n[ 290 ] CVE-2011-0077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077\n[ 291 ] CVE-2011-0078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078\n[ 292 ] CVE-2011-0079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079\n[ 293 ] CVE-2011-0080\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080\n[ 294 ] CVE-2011-0081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081\n[ 295 ] CVE-2011-0082\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082\n[ 296 ] CVE-2011-0083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083\n[ 297 ] CVE-2011-0084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084\n[ 298 ] CVE-2011-0085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085\n[ 299 ] CVE-2011-1187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187\n[ 300 ] CVE-2011-1202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202\n[ 301 ] CVE-2011-1712\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712\n[ 302 ] CVE-2011-2362\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362\n[ 303 ] CVE-2011-2363\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363\n[ 304 ] CVE-2011-2364\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364\n[ 305 ] CVE-2011-2365\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365\n[ 306 ] CVE-2011-2369\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369\n[ 307 ] CVE-2011-2370\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370\n[ 308 ] CVE-2011-2371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371\n[ 309 ] CVE-2011-2372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372\n[ 310 ] CVE-2011-2373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373\n[ 311 ] CVE-2011-2374\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374\n[ 312 ] CVE-2011-2375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375\n[ 313 ] CVE-2011-2376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376\n[ 314 ] CVE-2011-2377\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377\n[ 315 ] CVE-2011-2378\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378\n[ 316 ] CVE-2011-2605\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605\n[ 317 ] CVE-2011-2980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980\n[ 318 ] CVE-2011-2981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981\n[ 319 ] CVE-2011-2982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982\n[ 320 ] CVE-2011-2983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983\n[ 321 ] CVE-2011-2984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984\n[ 322 ] CVE-2011-2985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985\n[ 323 ] CVE-2011-2986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986\n[ 324 ] CVE-2011-2987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987\n[ 325 ] CVE-2011-2988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988\n[ 326 ] CVE-2011-2989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989\n[ 327 ] CVE-2011-2990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990\n[ 328 ] CVE-2011-2991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991\n[ 329 ] CVE-2011-2993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993\n[ 330 ] CVE-2011-2995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995\n[ 331 ] CVE-2011-2996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996\n[ 332 ] CVE-2011-2997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997\n[ 333 ] CVE-2011-2998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998\n[ 334 ] CVE-2011-2999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999\n[ 335 ] CVE-2011-3000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000\n[ 336 ] CVE-2011-3001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001\n[ 337 ] CVE-2011-3002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002\n[ 338 ] CVE-2011-3003\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003\n[ 339 ] CVE-2011-3004\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004\n[ 340 ] CVE-2011-3005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005\n[ 341 ] CVE-2011-3026\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026\n[ 342 ] CVE-2011-3062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062\n[ 343 ] CVE-2011-3232\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232\n[ 344 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 345 ] CVE-2011-3640\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640\n[ 346 ] CVE-2011-3647\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647\n[ 347 ] CVE-2011-3648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648\n[ 348 ] CVE-2011-3649\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649\n[ 349 ] CVE-2011-3650\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650\n[ 350 ] CVE-2011-3651\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651\n[ 351 ] CVE-2011-3652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652\n[ 352 ] CVE-2011-3653\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653\n[ 353 ] CVE-2011-3654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654\n[ 354 ] CVE-2011-3655\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655\n[ 355 ] CVE-2011-3658\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658\n[ 356 ] CVE-2011-3659\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659\n[ 357 ] CVE-2011-3660\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660\n[ 358 ] CVE-2011-3661\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661\n[ 359 ] CVE-2011-3663\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663\n[ 360 ] CVE-2011-3665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665\n[ 361 ] CVE-2011-3670\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670\n[ 362 ] CVE-2011-3866\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866\n[ 363 ] CVE-2011-4688\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688\n[ 364 ] CVE-2012-0441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441\n[ 365 ] CVE-2012-0442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442\n[ 366 ] CVE-2012-0443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443\n[ 367 ] CVE-2012-0444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444\n[ 368 ] CVE-2012-0445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445\n[ 369 ] CVE-2012-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446\n[ 370 ] CVE-2012-0447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447\n[ 371 ] CVE-2012-0449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449\n[ 372 ] CVE-2012-0450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450\n[ 373 ] CVE-2012-0451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451\n[ 374 ] CVE-2012-0452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452\n[ 375 ] CVE-2012-0455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455\n[ 376 ] CVE-2012-0456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456\n[ 377 ] CVE-2012-0457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457\n[ 378 ] CVE-2012-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458\n[ 379 ] CVE-2012-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459\n[ 380 ] CVE-2012-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460\n[ 381 ] CVE-2012-0461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461\n[ 382 ] CVE-2012-0462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462\n[ 383 ] CVE-2012-0463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463\n[ 384 ] CVE-2012-0464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464\n[ 385 ] CVE-2012-0467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467\n[ 386 ] CVE-2012-0468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468\n[ 387 ] CVE-2012-0469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469\n[ 388 ] CVE-2012-0470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470\n[ 389 ] CVE-2012-0471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471\n[ 390 ] CVE-2012-0473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473\n[ 391 ] CVE-2012-0474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474\n[ 392 ] CVE-2012-0475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475\n[ 393 ] CVE-2012-0477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477\n[ 394 ] CVE-2012-0478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478\n[ 395 ] CVE-2012-0479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479\n[ 396 ] CVE-2012-1937\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937\n[ 397 ] CVE-2012-1938\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938\n[ 398 ] CVE-2012-1939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939\n[ 399 ] CVE-2012-1940\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940\n[ 400 ] CVE-2012-1941\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941\n[ 401 ] CVE-2012-1945\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945\n[ 402 ] CVE-2012-1946\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946\n[ 403 ] CVE-2012-1947\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947\n[ 404 ] CVE-2012-1948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948\n[ 405 ] CVE-2012-1949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949\n[ 406 ] CVE-2012-1950\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950\n[ 407 ] CVE-2012-1951\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951\n[ 408 ] CVE-2012-1952\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952\n[ 409 ] CVE-2012-1953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953\n[ 410 ] CVE-2012-1954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954\n[ 411 ] CVE-2012-1955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955\n[ 412 ] CVE-2012-1956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956\n[ 413 ] CVE-2012-1957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957\n[ 414 ] CVE-2012-1958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958\n[ 415 ] CVE-2012-1959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959\n[ 416 ] CVE-2012-1960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960\n[ 417 ] CVE-2012-1961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961\n[ 418 ] CVE-2012-1962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962\n[ 419 ] CVE-2012-1963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963\n[ 420 ] CVE-2012-1964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964\n[ 421 ] CVE-2012-1965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965\n[ 422 ] CVE-2012-1966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966\n[ 423 ] CVE-2012-1967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967\n[ 424 ] CVE-2012-1970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970\n[ 425 ] CVE-2012-1971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971\n[ 426 ] CVE-2012-1972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972\n[ 427 ] CVE-2012-1973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973\n[ 428 ] CVE-2012-1974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974\n[ 429 ] CVE-2012-1975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975\n[ 430 ] CVE-2012-1976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976\n[ 431 ] CVE-2012-1994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994\n[ 432 ] CVE-2012-3956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956\n[ 433 ] CVE-2012-3957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957\n[ 434 ] CVE-2012-3958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958\n[ 435 ] CVE-2012-3959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959\n[ 436 ] CVE-2012-3960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960\n[ 437 ] CVE-2012-3961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961\n[ 438 ] CVE-2012-3962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962\n[ 439 ] CVE-2012-3963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963\n[ 440 ] CVE-2012-3964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964\n[ 441 ] CVE-2012-3965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965\n[ 442 ] CVE-2012-3966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966\n[ 443 ] CVE-2012-3967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967\n[ 444 ] CVE-2012-3968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968\n[ 445 ] CVE-2012-3969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969\n[ 446 ] CVE-2012-3970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970\n[ 447 ] CVE-2012-3971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971\n[ 448 ] CVE-2012-3972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972\n[ 449 ] CVE-2012-3973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973\n[ 450 ] CVE-2012-3975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975\n[ 451 ] CVE-2012-3976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976\n[ 452 ] CVE-2012-3977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977\n[ 453 ] CVE-2012-3978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978\n[ 454 ] CVE-2012-3980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980\n[ 455 ] CVE-2012-3982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982\n[ 456 ] CVE-2012-3984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984\n[ 457 ] CVE-2012-3985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985\n[ 458 ] CVE-2012-3986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986\n[ 459 ] CVE-2012-3988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988\n[ 460 ] CVE-2012-3989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989\n[ 461 ] CVE-2012-3990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990\n[ 462 ] CVE-2012-3991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991\n[ 463 ] CVE-2012-3992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992\n[ 464 ] CVE-2012-3993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993\n[ 465 ] CVE-2012-3994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994\n[ 466 ] CVE-2012-3995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995\n[ 467 ] CVE-2012-4179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179\n[ 468 ] CVE-2012-4180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180\n[ 469 ] CVE-2012-4181\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181\n[ 470 ] CVE-2012-4182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182\n[ 471 ] CVE-2012-4183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183\n[ 472 ] CVE-2012-4184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184\n[ 473 ] CVE-2012-4185\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185\n[ 474 ] CVE-2012-4186\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186\n[ 475 ] CVE-2012-4187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187\n[ 476 ] CVE-2012-4188\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188\n[ 477 ] CVE-2012-4190\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190\n[ 478 ] CVE-2012-4191\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191\n[ 479 ] CVE-2012-4192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192\n[ 480 ] CVE-2012-4193\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193\n[ 481 ] CVE-2012-4194\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194\n[ 482 ] CVE-2012-4195\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195\n[ 483 ] CVE-2012-4196\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196\n[ 484 ] CVE-2012-4201\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201\n[ 485 ] CVE-2012-4202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202\n[ 486 ] CVE-2012-4204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204\n[ 487 ] CVE-2012-4205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205\n[ 488 ] CVE-2012-4206\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206\n[ 489 ] CVE-2012-4207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207\n[ 490 ] CVE-2012-4208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208\n[ 491 ] CVE-2012-4209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209\n[ 492 ] CVE-2012-4210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210\n[ 493 ] CVE-2012-4212\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212\n[ 494 ] CVE-2012-4215\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215\n[ 495 ] CVE-2012-4216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216\n[ 496 ] CVE-2012-5354\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354\n[ 497 ] CVE-2012-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829\n[ 498 ] CVE-2012-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830\n[ 499 ] CVE-2012-5833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833\n[ 500 ] CVE-2012-5835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835\n[ 501 ] CVE-2012-5836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836\n[ 502 ] CVE-2012-5838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838\n[ 503 ] CVE-2012-5839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839\n[ 504 ] CVE-2012-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840\n[ 505 ] CVE-2012-5841\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841\n[ 506 ] CVE-2012-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842\n[ 507 ] CVE-2012-5843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843\n[ 508 ] Firefox Blocking Fraudulent Certificates\n\nhttp://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c=\nertificates/\n[ 509 ] Mozilla Foundation Security Advisory 2011-11\n http://www.mozilla.org/security/announce/2011/mfsa2011-11.html\n[ 510 ] Mozilla Foundation Security Advisory 2011-34\n http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201301-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nBackground\n==========\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and\nthe Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)\nprovide the Oracle Java platform (formerly known as Sun Java Platform). \n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. All 1.5 JRE versions are masked\nand will be removed shortly. All 1.5 JDK versions are marked as\n\"build-only\" and will be masked for removal shortly. Users are advised\nto change their default user and system Java implementation to an\nunaffected version. For example:\n\n # java-config --set-system-vm sun-jdk-1.6\n\nFor more information, please consult the Gentoo Linux Java\ndocumentation. Such input strings represent valid\nnumbers and can be contained in data supplied by an attacker over the\nnetwork, leading to a denial-of-service attack. \n\nFor the old stable distribution (lenny), this problem has been fixed\nin version 6b18-1.8.3-2~lenny1. \n\nNote that this update introduces an OpenJDK package based on the\nIcedTea release 1.8.3 into the old stable distribution. This\naddresses several dozen security vulnerabilities, most of which are\nonly exploitable by malicious mobile code. A notable exception is\nCVE-2009-3555, the TLS renegotiation vulnerability. This update\nimplements the protocol extension described in RFC 5746, addressing\nthis issue. \n\nThis update also includes a new version of Hotspot, the Java virtual\nmachine, which increases the default heap size on machines with\nseveral GB of RAM. If you run several JVMs on the same machine, you\nmight have to reduce the heap size by specifying a suitable -Xmx\nargument in the invocation of the \"java\" command. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nHP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nRelease Date: 2010-09-15\nLast Updated: 2010-09-15\n\nPotential Security Impact: Remote cross site scripting (XSS), HTTP response splitting, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), HTTP response splitting, Denial of Service (DoS), information disclosure, and data modification. \n\nReferences: CVE-2010-3010\n XSS\n\nCVE-2010-3011\n HTTP response splitting\n\nCVE-2010-2068\n Apache\n\nCVE-2009-4143\n PHP\n\nCVE-2009-4018\n PHP\n\nCVE-2009-4017\n PHP\n\nCVE-2009-3555\n SSL\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP System Management Homepage for Linux (x86) prior to v6.2\nHP System Management Homepage for Linux (AMD64/EM64T) prior to v6.2\nHP System Management Homepage for Windows prior to v6.2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-3010 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2010-3011 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2010-2068 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2009-4143 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2009-4018 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2009-4017 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided HP System Management Homepage v6.2 or subsequent to resolve the vulnerabilities. \n\nHP System Management Homepage v6.2 or subsequent for Linux (x86), Linux (AMD64/EM64T), and Windows can be downloaded from the following link. \n\nhttp://www.hp.com/servers/manage/smh\n\nPRODUCT SPECIFIC INFORMATION\nNone\n\nHISTORY\nVersion:1 (rev.1) - 15 September 2010 Initial Release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkyQ1mwACgkQ4B86/C0qfVnXFQCglbMn0B+FmCZvloAoXci/cEpU\nceEAoNPOhpE7qN8Ckcf3HDXsfRydveyw\n=mQKh\n-----END PGP SIGNATURE-----\n. OpenSSL Security Advisory [11-Nov-2009]\n=======================================\n\nA potentially serious flaw in SSL and TLS has been worked around in\nOpenSSL 0.9.8l. \n\nSince many changes had occurred on the 0.9.8 branch without a public\nrelease it was decided to release 0.9.8l based on the last publicly\ntested release version 0.9.8k. \n\nMan-in-the-middle Renegotiation Attack\n======================================\n\nA man-in-the-middle (MitM) can intercept an SSL connection and instead\nmake his own connection to the server. He can then send arbitrary data\nand trigger a renegotiation using the client\u0027s original connection\ndata. \n\nFrom the server\u0027s point of view the client simply connected, sent\ndata, renegotiated and continued. \n\nFrom the client\u0027s point of view he connects to the server\nnormally. There is no indication at the SSL level that the attack\noccurred. There may be indications at the level of the protocol\nlayered on top of SSL, for example, unexpected or pipelined responses. \n\nThis attack can also be performed when the server requests a\nrenegotiation - in this variant, the MitM would wait for the server\u0027s\nrenegotiation request and at that point replay the clients original\nconnection data. \n\nOnce the original client connection data has been replayed, the MitM\ncan no longer inject data, nor can he read the traffic over the SSL\nconnection in either direction. Because of the\nnature of the attack, this is only an effective defence when deployed\non servers. \n\nServers that need renegotiation to function correctly obviously cannot\ndeploy this fix without breakage. \n\nSeverity\n========\n\nBecause of the enormous difficulty of analysing every possible attack\non every protocol that is layered on SSL, the OpenSSL Team classify\nthis as a severe issue and recommend that everyone who does not rely\non renegotiation deploy 0.9.8l as soon as possible. \n\nHistory\n=======\n\nA small number of people knew about the problem in advance under NDA\nand a comprehensive fix was being developed. Unfortunately the issue\nwas independently discovered and the details made public so a less\nthan ideal brute force emergency fix had to be developed and released. \n\nFuture Plans\n============\n\nA TLS extension has been defined which will cryptographically bind the\nsession before renegotiation to the session after. \n\nBecause renegotiation is, in practice, rarely used we will not be\nrushing the production of 0.9.8m, but will instead test\ninteroperability with other implementations, and ensure the stability\nof the other fixes before release. \n\nAcknowledgements\n================\n\nThanks to Marsh Ray, who discovered the issue, and Steve Dispensa of\nPhoneFactor. Also thanks to ICASI who managed the early coordination\nof this issue. \n\nReferences\n===========\n\nCVE-2009-3555:\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n\nTLS extension:\nhttps://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20091111.txt\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3555"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002319"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "88167"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "PACKETSTORM",
"id": "106754"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "90286"
},
{
"db": "PACKETSTORM",
"id": "98469"
},
{
"db": "PACKETSTORM",
"id": "88698"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "PACKETSTORM",
"id": "93944"
},
{
"db": "PACKETSTORM",
"id": "169645"
},
{
"db": "PACKETSTORM",
"id": "111583"
}
],
"trust": 4.41
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-41001",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3555",
"trust": 5.6
},
{
"db": "CERT/CC",
"id": "VU#120541",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "38020",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "39242",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "39243",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "37453",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "40747",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "39500",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "39136",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2010-0086",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2009-3310",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2010-0982",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2010-3126",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2009-3313",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2010-3086",
"trust": 1.9
},
{
"db": "USCERT",
"id": "TA10-222A",
"trust": 1.9
},
{
"db": "BID",
"id": "36935",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002319",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "38781",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42377",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37501",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39632",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37604",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "41972",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "43308",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "38241",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37859",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "40070",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "41818",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39292",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42816",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42379",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39317",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42467",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37320",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37640",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37656",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37383",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42724",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "38003",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44183",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42733",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "38484",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "40545",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "40866",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "38056",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39278",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42808",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37675",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39127",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39461",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39819",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "41490",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39628",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44954",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48577",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42811",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37291",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "41480",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37292",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37399",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "39713",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "38687",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "37504",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "41967",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023217",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023273",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023274",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023206",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023272",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023427",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023218",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023163",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023214",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023211",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023219",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023216",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1024789",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023148",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023213",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023271",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023243",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023209",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023215",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023208",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023411",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023204",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023224",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023210",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023207",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023426",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023428",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023205",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023275",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023270",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1023212",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-2745",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3353",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-3069",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3354",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3484",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1793",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0033",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3220",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-2010",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1639",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1107",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0916",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3164",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0032",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0086",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0748",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1350",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3521",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0994",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1191",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0173",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3587",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0933",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3205",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1054",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-0848",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1673",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3165",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/05/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/07/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/23/10",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/05/5",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/20/1",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/06/3",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "65202",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "62210",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "60521",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "60972",
"trust": 1.1
},
{
"db": "HITACHI",
"id": "HS10-030",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA10-287A",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44293",
"trust": 0.9
},
{
"db": "VUPEN",
"id": "ADV-2010-0212",
"trust": 0.8
},
{
"db": "VUPEN",
"id": "ADV-2010-0125",
"trust": 0.8
},
{
"db": "VUPEN",
"id": "ADV-2011-1039",
"trust": 0.8
},
{
"db": "VUPEN",
"id": "ADV-2010-1942",
"trust": 0.8
},
{
"db": "VUPEN",
"id": "ADV-2010-2046",
"trust": 0.8
},
{
"db": "VUPEN",
"id": "ADV-2010-0457",
"trust": 0.8
},
{
"db": "VUPEN",
"id": "ADV-2010-2660",
"trust": 0.8
},
{
"db": "VUPEN",
"id": "ADV-2010-1280",
"trust": 0.8
},
{
"db": "VUPEN",
"id": "ADV-2009-3393",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "38608",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "38728",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "38338",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "44260",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "37566",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "40879",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "44292",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA10-222A",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-160-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95298925",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "130868",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "88167",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "89136",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "88698",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "90286",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "10071",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "10579",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82657",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83271",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90262",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88173",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91309",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120365",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106155",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83415",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83414",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92095",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94087",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "97489",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131826",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "95279",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137201",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106156",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92497",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88621",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89667",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "86075",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114810",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88224",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123380",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84181",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-67231",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-41001",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169645",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "93944",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100761",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89026",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111583",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106754",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "98469",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111920",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "PACKETSTORM",
"id": "169645"
},
{
"db": "PACKETSTORM",
"id": "93944"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "88167"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "PACKETSTORM",
"id": "106754"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "90286"
},
{
"db": "PACKETSTORM",
"id": "98469"
},
{
"db": "PACKETSTORM",
"id": "88698"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002319"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"id": "VAR-200911-0398",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T20:09:13.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBHF03293",
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
},
{
"title": "Changes with Apache 2.2.15",
"trust": 0.8,
"url": "http://www.apache.org/dist/httpd/CHANGES_2.2.15"
},
{
"title": "Changes with Apache 2.3.6",
"trust": 0.8,
"url": "http://www.apache.org/dist/httpd/CHANGES_2.3.6"
},
{
"title": "HT4170",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4170"
},
{
"title": "HT4418",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4418"
},
{
"title": "HT4171",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4171"
},
{
"title": "HT4004",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4004"
},
{
"title": "HT4417",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4417"
},
{
"title": "HT4004",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4004?viewlocale=ja_JP"
},
{
"title": "HT4417",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4417?viewlocale=ja_JP"
},
{
"title": "HT4170",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4170?viewlocale=ja_JP"
},
{
"title": "HT4418",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4418?viewlocale=ja_JP"
},
{
"title": "HT4171",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4171?viewlocale=ja_JP"
},
{
"title": "openssl097a-0.9.7a-9.AXS3.2",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1011"
},
{
"title": "jdk-1.6.0_19",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1028"
},
{
"title": "httpd-2.2.3-31.2.1AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=774"
},
{
"title": "nss-3.12.6-1.AXS3 and nspr-4.8.4-1.AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1012"
},
{
"title": "gnutls-1.4.1-3.8.0.1.AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1013"
},
{
"title": "jdk-1.6.0_22",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1285"
},
{
"title": "openssl-0.9.8e-12.AXS3.6",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1014"
},
{
"title": "609365",
"trust": 0.8,
"url": "http://search.sybase.com/kbx/changerequests?bug_id=609365"
},
{
"title": "cisco-sa-20091109-tls",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml"
},
{
"title": "cpujul2010.html",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html"
},
{
"title": "javacpuoct2010-176258",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"title": "cpuapr2011-301950",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"title": "javacpumar2010",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html"
},
{
"title": "HS10-030",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-030/index.html"
},
{
"title": "HS10-010",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-010/index.html"
},
{
"title": "HS11-006",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-006/index.html"
},
{
"title": "HPSBUX02517",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02079216"
},
{
"title": "HPSBUX02608",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
},
{
"title": "HPSBUX02498",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01963123"
},
{
"title": "HPSBMU02769 SSRT100846",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151"
},
{
"title": "HPSBUX02482",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
},
{
"title": "HPSBUX02524",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02122104"
},
{
"title": "HPSBMU03611",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150888"
},
{
"title": "7007033",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239"
},
{
"title": "7014463",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7009"
},
{
"title": "7006876",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60239"
},
{
"title": "1426108",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
},
{
"title": "4909",
"trust": 0.8,
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4909"
},
{
"title": "7007951",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg27007951#61029"
},
{
"title": "4025718",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025718"
},
{
"title": "7008517",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=177\u0026uid=swg27008517#61029"
},
{
"title": "4025719",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025719"
},
{
"title": "1444772",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21444772"
},
{
"title": "4025742",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025742"
},
{
"title": "1412438",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412438#2"
},
{
"title": "IC68054",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"
},
{
"title": "1293566",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566#6a"
},
{
"title": "4025746",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025746"
},
{
"title": "1432298",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"title": "PM10658",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658"
},
{
"title": "1413714",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21413714"
},
{
"title": "4025312",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
},
{
"title": "977377",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/977377.mspx"
},
{
"title": "MS10-049",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS10-049.mspx"
},
{
"title": "2043",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2043"
},
{
"title": "2046",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2046"
},
{
"title": "1819",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1819"
},
{
"title": "2047",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2047"
},
{
"title": "1820",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1820"
},
{
"title": "2048",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2048"
},
{
"title": "MFSA 2010-22",
"trust": 0.8,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
},
{
"title": "MFSA 2010-22",
"trust": 0.8,
"url": "http://www.mozilla-japan.org/security/announce/2010/mfsa2010-22.html"
},
{
"title": "NV10-008",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv10-008.html"
},
{
"title": "CVE-2009-3555",
"trust": 0.8,
"url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html"
},
{
"title": "secadv_20091111",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20091111.txt"
},
{
"title": "RELEASE_NOTES-1.3.2c",
"trust": 0.8,
"url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
},
{
"title": "RHSA-2010:0338",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0338.html"
},
{
"title": "RHSA-2010:0164",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0164.html"
},
{
"title": "RHSA-2010:0339",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0339.html"
},
{
"title": "RHSA-2010:0865",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0865.html"
},
{
"title": "RHSA-2010:0165",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0165.html"
},
{
"title": "RHSA-2010:0166",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0166.html"
},
{
"title": "RHSA-2010:0167",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0167.html"
},
{
"title": "RHSA-2010:0770",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0770.html"
},
{
"title": "RHSA-2010:0786",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0786.html"
},
{
"title": "RHSA-2010:0130",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0130.html"
},
{
"title": "RHSA-2010:0768",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0768.html"
},
{
"title": "RHSA-2010:0807",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0807.html"
},
{
"title": "RHSA-2010:0155",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2010-0155.html"
},
{
"title": "RHSA-2009:1579",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1579.html"
},
{
"title": "RHSA-2010:0162",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0162.html"
},
{
"title": "RHSA-2009:1580",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1580.html"
},
{
"title": "RHSA-2010:0987",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0987.html"
},
{
"title": "RHSA-2010:0337",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0337.html"
},
{
"title": "RHSA-2010:0163",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0163.html"
},
{
"title": "SA44",
"trust": 0.8,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA44"
},
{
"title": "multiple_vulnerabilities_in_the_apache",
"trust": 0.8,
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache"
},
{
"title": "Multiple Vulnerabilities in the Apache 2 HTTP Server Prior to 2.2.16",
"trust": 0.8,
"url": "http://blogs.oracle.com/sunsecurity"
},
{
"title": "273029",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
},
{
"title": "273350",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1"
},
{
"title": "274990",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
},
{
"title": "TLSA-2010-20",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-20j.txt"
},
{
"title": "TLSA-2010-42",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-42j.txt"
},
{
"title": "TLSA-2009-30",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2009/TLSA-2009-30j.txt"
},
{
"title": "TLSA-2009-32",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2009/TLSA-2009-32j.txt"
},
{
"title": "VMSA-2010-0019",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
},
{
"title": "VMSA-2011-0003",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"title": "100716_91",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/100716_91/top.html"
},
{
"title": "HS10-010",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-010/index.html"
},
{
"title": "HS10-030",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030"
},
{
"title": "HS11-006",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-006/index.html"
},
{
"title": "977377",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/advisory/977377.mspx"
},
{
"title": "MS10-049",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms10-049.mspx"
},
{
"title": "MS10-049e",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/security/bulletins/MS10-049e.mspx"
},
{
"title": "TA10-222A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-222a.html"
},
{
"title": "VU#120541",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/vu120541.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002319"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
},
{
"problemtype": "Lack of information (CWE-noinfo) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002319"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
},
{
"trust": 1.9,
"url": "http://extendedsubset.com/?p=8"
},
{
"trust": 1.9,
"url": "http://www.links.org/?p=780"
},
{
"trust": 1.9,
"url": "http://www.links.org/?p=786"
},
{
"trust": 1.9,
"url": "http://www.links.org/?p=789"
},
{
"trust": 1.9,
"url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
},
{
"trust": 1.9,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
},
{
"trust": 1.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
},
{
"trust": 1.9,
"url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/36935"
},
{
"trust": 1.9,
"url": "http://secunia.com/advisories/37453"
},
{
"trust": 1.9,
"url": "http://secunia.com/advisories/38020"
},
{
"trust": 1.9,
"url": "http://secunia.com/advisories/39136"
},
{
"trust": 1.9,
"url": "http://secunia.com/advisories/39242"
},
{
"trust": 1.9,
"url": "http://secunia.com/advisories/39243"
},
{
"trust": 1.9,
"url": "http://secunia.com/advisories/39500"
},
{
"trust": 1.9,
"url": "http://secunia.com/advisories/40747"
},
{
"trust": 1.9,
"url": "http://www.vupen.com/english/advisories/2009/3310"
},
{
"trust": 1.9,
"url": "http://www.vupen.com/english/advisories/2009/3313"
},
{
"trust": 1.9,
"url": "http://www.vupen.com/english/advisories/2010/0086"
},
{
"trust": 1.9,
"url": "http://www.vupen.com/english/advisories/2010/0982"
},
{
"trust": 1.9,
"url": "http://www.vupen.com/english/advisories/2010/3086"
},
{
"trust": 1.9,
"url": "http://www.vupen.com/english/advisories/2010/3126"
},
{
"trust": 1.9,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html"
},
{
"trust": 1.9,
"url": "http://www.kb.cert.org/vuls/id/120541"
},
{
"trust": 1.6,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3555"
},
{
"trust": 1.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
},
{
"trust": 1.2,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
},
{
"trust": 1.2,
"url": "http://www.openssl.org/news/secadv_20091111.txt"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
},
{
"trust": 1.1,
"url": "http://securitytracker.com/id?1023148"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023163"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023204"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023205"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023206"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023207"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023208"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023209"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023210"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023211"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023212"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023213"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023214"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023215"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023216"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023217"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023218"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023219"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023224"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023243"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023270"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023271"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023272"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023273"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023274"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023275"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023411"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023426"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023427"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1023428"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1024789"
},
{
"trust": 1.1,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2009/nov/139"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37291"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37292"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37320"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37383"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37399"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37501"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37504"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37604"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37640"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37656"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37675"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37859"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38003"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38056"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38241"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38484"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38687"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38781"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39127"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39278"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39292"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39317"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39461"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39628"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39632"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39713"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/39819"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/40070"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/40545"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/40866"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/41480"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/41490"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/41818"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/41967"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/41972"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42377"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42379"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42467"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42724"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42733"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42808"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42811"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42816"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/43308"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44183"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44954"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48577"
},
{
"trust": 1.1,
"url": "http://osvdb.org/60521"
},
{
"trust": 1.1,
"url": "http://osvdb.org/60972"
},
{
"trust": 1.1,
"url": "http://osvdb.org/62210"
},
{
"trust": 1.1,
"url": "http://osvdb.org/65202"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3164"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3165"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3205"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3220"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3353"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3354"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3484"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3521"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3587"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0173"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0748"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0848"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0916"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0933"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/0994"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1054"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1191"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1350"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1639"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1673"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/2010"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/2745"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2010/3069"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0032"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0033"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0086"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00002.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2009/dsa-1934"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2011/dsa-2141"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3253"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html"
},
{
"trust": 1.1,
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"trust": 1.1,
"url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
},
{
"trust": 1.1,
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"trust": 1.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041"
},
{
"trust": 1.1,
"url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751"
},
{
"trust": 1.1,
"url": "http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/522176"
},
{
"trust": 1.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:084"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:089"
},
{
"trust": 1.1,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0119.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0130.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0155.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0165.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0167.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0337.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0338.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0339.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0768.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0770.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0786.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0807.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0865.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0986.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0987.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-287a.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-1010-1"
},
{
"trust": 1.1,
"url": "http://ubuntu.com/usn/usn-923-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-927-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-927-4"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-927-5"
},
{
"trust": 1.1,
"url": "http://openbsd.org/errata45.html#010_openssl"
},
{
"trust": 1.1,
"url": "http://openbsd.org/errata46.html#004_openssl"
},
{
"trust": 1.1,
"url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
},
{
"trust": 1.1,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
},
{
"trust": 1.1,
"url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
},
{
"trust": 1.1,
"url": "http://clicky.me/tlsvuln"
},
{
"trust": 1.1,
"url": "http://extendedsubset.com/renegotiating_tls.pdf"
},
{
"trust": 1.1,
"url": "http://kbase.redhat.com/faq/docs/doc-20491"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht4004"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht4170"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht4171"
},
{
"trust": 1.1,
"url": "http://support.avaya.com/css/p8/documents/100070150"
},
{
"trust": 1.1,
"url": "http://support.avaya.com/css/p8/documents/100081611"
},
{
"trust": 1.1,
"url": "http://support.avaya.com/css/p8/documents/100114315"
},
{
"trust": 1.1,
"url": "http://support.avaya.com/css/p8/documents/100114327"
},
{
"trust": 1.1,
"url": "http://support.citrix.com/article/ctx123359"
},
{
"trust": 1.1,
"url": "http://support.zeus.com/zws/media/docs/4.3/release_notes"
},
{
"trust": 1.1,
"url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
},
{
"trust": 1.1,
"url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
},
{
"trust": 1.1,
"url": "http://wiki.rpath.com/advisories:rpsa-2009-0155"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
},
{
"trust": 1.1,
"url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
},
{
"trust": 1.1,
"url": "http://www.betanews.com/article/1257452450"
},
{
"trust": 1.1,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html"
},
{
"trust": 1.1,
"url": "http://www.ingate.com/relnote.php?ver=481"
},
{
"trust": 1.1,
"url": "http://www.openoffice.org/security/cves/cve-2009-3555.html"
},
{
"trust": 1.1,
"url": "http://www.opera.com/docs/changelogs/unix/1060/"
},
{
"trust": 1.1,
"url": "http://www.opera.com/support/search/view/944/"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"trust": 1.1,
"url": "http://www.proftpd.org/docs/release_notes-1.3.2c"
},
{
"trust": 1.1,
"url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
},
{
"trust": 1.1,
"url": "http://www.tombom.co.uk/blog/?p=85"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2010-0019.html"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"trust": 1.1,
"url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
},
{
"trust": 1.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
},
{
"trust": 1.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
},
{
"trust": 1.0,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa50"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
},
{
"trust": 1.0,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"trust": 1.0,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pm00675\u0026apar=only"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
},
{
"trust": 0.8,
"url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html"
},
{
"trust": 0.8,
"url": "http://cvs.openssl.org/chngview?cn=18790"
},
{
"trust": 0.8,
"url": "http://www.links.org/files/no-renegotiation-2.patch"
},
{
"trust": 0.8,
"url": "http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu120541"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu490671"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2010-22"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/38338"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/38728"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/38608"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/44292"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/44293"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/40879"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/44260"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/37566"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa10-222a.html"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2010/1280"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2010/2660"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2010/1942"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/3393"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2010/0125"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2010/0212"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2010/0457"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2010/2046"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2011/1039"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95298925/"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-002319.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-160-01"
},
{
"trust": 0.4,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.4,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.4,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.3,
"url": "http://secunia.com/"
},
{
"trust": 0.3,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.3,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.3,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0082"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-7270"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=132077688910227\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127419602507642\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=134254866602253\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=130497311408250\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=133469267822771\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=126150535619567\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127128920008563\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127557596201693\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026amp;q=pm00675\u0026amp;apar=only"
},
{
"trust": 0.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2009\u0026amp;m=slackware-security.597446"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=apache-httpd-announce\u0026amp;m=125755783724966\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=cryptography\u0026amp;m=125752275331877\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://kb.bluecoat.com/index?page=content\u0026amp;id=sa50"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4018"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3011"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4017"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "http://www.hp.com/servers/manage/smh"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44293/"
},
{
"trust": 0.1,
"url": "http://secunia.com/research/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44293/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/open_positions/reverse_engineer"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2409"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3883"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3869"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3879"
},
{
"trust": 0.1,
"url": "http://blogs.sun.com/darcy/resource/openjdk_6/openjdk6-b18-changes-summary.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3877"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3883"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3869"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3882"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3873"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3875"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3874"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3885"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3871"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3877"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3876"
},
{
"trust": 0.1,
"url": "http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3880"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3885"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3880"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3879"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0129"
},
{
"trust": 0.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwareindex.jsp?lang=en\u0026cc=us\u0026prodnameid=3188475\u0026prodtypeid=329290\u0026prodseriesid=3188465\u0026swlang=8\u0026taskid=135\u0026swenvoid=1113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/bizsupport"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0079"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0082"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2371"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1210"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4181"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1832"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1828"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0353"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1838"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2766"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3767"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0172"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2043"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3175"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3655"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2760"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1187"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0447"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0456"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2770"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1125"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3958"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3777"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3003"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3174"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0057"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0443"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3376"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5017"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1940"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3072"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1208"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2376"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3772"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1834"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2472"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3378"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2767"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1952"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0078"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0170"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0164"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0775"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3400"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1211"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3372"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2769"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4188"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5012"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4206"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5354"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2408"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1304"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4201"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1206"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1392"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2044"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5507"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5023"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1308"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1044"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5508"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1307"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3866"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0080"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1213"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0352"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5014"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2664"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0051"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3371"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3382"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5502"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5506"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3078"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0173"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3075"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2605"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1311"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3658"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3004"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1950"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2369"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1215"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0167"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3381"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2374"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3167"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0774"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5022"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5024"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0468"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3026"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1203"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0085"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1945"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1959"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4060"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0077"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0081"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4063"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1955"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1302"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5503"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3374"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1028"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4185"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0176"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5839"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1121"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3661"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2765"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5913"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5843"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3663"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3651"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2372"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1951"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3274"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1197"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3778"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3232"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4063"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0354"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5500"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3380"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1212"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0357"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0773"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0220"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0777"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0055"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5052"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0165"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2464"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2378"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3131"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0160"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5513"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3986"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0367"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2752"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3388"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2753"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3650"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2764"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2751"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4190"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1833"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2768"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0358"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2373"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3670"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3377"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4208"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1956"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4186"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0441"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0054"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5014"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2671"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2662"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1309"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3957"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1585"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1207"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0445"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0355"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1200"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2362"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3077"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0056"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3101"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5501"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4195"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4209"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3660"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2762"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5833"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1839"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3101"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0072"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3399"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0171"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5841"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5838"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5019"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0458"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0174"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5842"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0457"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3176"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5511"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0356"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4205"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0178"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3379"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4064"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4508"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-34.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1310"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1306"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3079"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0474"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0444"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0455"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1954"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3647"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4210"
},
{
"trust": 0.1,
"url": "http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c="
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0017"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1305"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0446"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0181"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1214"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1196"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0449"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1841"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0367"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3765"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1947"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4060"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0442"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0175"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1712"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1199"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2365"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2404"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3775"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1198"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2535"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1938"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5505"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1946"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5512"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4187"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3766"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1949"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5830"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0075"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0652"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1958"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5015"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0163"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1313"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0159"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1939"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4207"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-6961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3178"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4191"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3956"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4204"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2763"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2364"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3389"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0464"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1209"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2754"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2210"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5829"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3173"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3774"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5510"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4192"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3959"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3770"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3769"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0772"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3665"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4196"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5822"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2466"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3649"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3653"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3768"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1312"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-11.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3771"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3383"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1303"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3170"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2377"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5012"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1957"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2755"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1948"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3773"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0166"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0461"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4215"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0451"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0771"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3836"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4212"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0459"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0083"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0460"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1201"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0177"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5018"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3177"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2363"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0084"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3652"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1941"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201301-01.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1937"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0053"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3171"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0162"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3373"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2665"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0887"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839"
},
{
"trust": 0.1,
"url": "http://www.gentoo.org/doc/en/java.xml#doc_chap4"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0087"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0085"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0837"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0089"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0093"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201006-18.xml"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0840"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0090"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0740"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0433"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3245"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "PACKETSTORM",
"id": "169645"
},
{
"db": "PACKETSTORM",
"id": "93944"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "88167"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "PACKETSTORM",
"id": "106754"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "90286"
},
{
"db": "PACKETSTORM",
"id": "98469"
},
{
"db": "PACKETSTORM",
"id": "88698"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002319"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "PACKETSTORM",
"id": "169645"
},
{
"db": "PACKETSTORM",
"id": "93944"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "88167"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "PACKETSTORM",
"id": "106754"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "90286"
},
{
"db": "PACKETSTORM",
"id": "98469"
},
{
"db": "PACKETSTORM",
"id": "88698"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002319"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-11-11T00:00:00",
"db": "CERT/CC",
"id": "VU#120541"
},
{
"date": "2009-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-41001"
},
{
"date": "2009-11-11T12:12:12",
"db": "PACKETSTORM",
"id": "169645"
},
{
"date": "2010-09-17T00:35:23",
"db": "PACKETSTORM",
"id": "93944"
},
{
"date": "2010-05-03T23:54:02",
"db": "PACKETSTORM",
"id": "89136"
},
{
"date": "2015-03-18T00:44:34",
"db": "PACKETSTORM",
"id": "130868"
},
{
"date": "2010-04-07T02:30:56",
"db": "PACKETSTORM",
"id": "88167"
},
{
"date": "2011-04-24T07:03:07",
"db": "PACKETSTORM",
"id": "100761"
},
{
"date": "2010-04-28T20:44:54",
"db": "PACKETSTORM",
"id": "89026"
},
{
"date": "2012-04-05T00:45:56",
"db": "PACKETSTORM",
"id": "111583"
},
{
"date": "2011-11-09T00:58:11",
"db": "PACKETSTORM",
"id": "106754"
},
{
"date": "2013-01-08T03:21:24",
"db": "PACKETSTORM",
"id": "119293"
},
{
"date": "2010-06-04T05:32:00",
"db": "PACKETSTORM",
"id": "90286"
},
{
"date": "2011-02-14T21:33:52",
"db": "PACKETSTORM",
"id": "98469"
},
{
"date": "2010-04-20T15:07:58",
"db": "PACKETSTORM",
"id": "88698"
},
{
"date": "2012-04-17T20:41:11",
"db": "PACKETSTORM",
"id": "111920"
},
{
"date": "2009-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002319"
},
{
"date": "2011-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"date": "2009-11-09T17:30:00.407000",
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-07-22T00:00:00",
"db": "CERT/CC",
"id": "VU#120541"
},
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-41001"
},
{
"date": "2016-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002319"
},
{
"date": "2022-06-13T05:59:00",
"db": "JVNDB",
"id": "JVNDB-2011-001632"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "88698"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SSL and TLS protocols renegotiation vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "89136"
}
],
"trust": 0.1
}
}
VAR-201012-0193
Vulnerability from variot - Updated: 2025-12-22 20:00OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a security weakness that may allow attackers to downgrade the ciphersuite. Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information or gain unauthorized access to an affected application that uses OpenSSL. Releases prior to OpenSSL 1.0.0c are affected. =========================================================== Ubuntu Security Notice USN-1029-1 December 08, 2010 openssl vulnerabilities CVE-2008-7270, CVE-2010-4180 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.14
Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.13
Ubuntu 9.10: libssl0.9.8 0.9.8g-16ubuntu3.5
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.5
Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.3
After a standard system update you need to reboot your computer to make all the necessary changes.
Details follow:
It was discovered that an old bug workaround in the SSL/TLS server code allowed an attacker to modify the stored session cache ciphersuite. (CVE-2010-4180)
It was discovered that an old bug workaround in the SSL/TLS server code allowed allowed an attacker to modify the stored session cache ciphersuite. An attacker could possibly take advantage of this to force the use of a disabled cipher. This vulnerability only affects the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. (CVE-2008-7270)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.diff.gz
Size/MD5: 67296 3de8e480bcec0653b94001366e2f1f27
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.dsc
Size/MD5: 1465 a5f93020840f693044eb64af528fd01e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz
Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_amd64.udeb
Size/MD5: 572012 b3792d19d5f7783929e473b6eb1e239c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_amd64.deb
Size/MD5: 2181644 746b74e9b6c42731ff2021c396789708
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_amd64.deb
Size/MD5: 1696628 abe942986698bf86938312c5e344e0ba
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_amd64.deb
Size/MD5: 880292 9d6d854dcef14c90ce24c1aa232a418a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_amd64.deb
Size/MD5: 998466 9c51c334fd6c0b7c7b73340a01af61c8
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_i386.udeb
Size/MD5: 509644 e1617d062d546f7dad2298bf6463bc3c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_i386.deb
Size/MD5: 2031000 6755c67294ab2ff03255a3bf7079ab26
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_i386.deb
Size/MD5: 5195206 37fcd0cdefd012f0ea7d79d0e6a1b48f
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_i386.deb
Size/MD5: 2660326 9083ddc71b89e4f4e95c4ca999bcedba
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_i386.deb
Size/MD5: 979408 518eaad303d089ab7dcc1b89fd019f19
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_powerpc.udeb
Size/MD5: 558018 0e94d5f570a83f4b41bef642e032c256
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_powerpc.deb
Size/MD5: 2189034 6588292725cfa33c8d56a61c3d8120b1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_powerpc.deb
Size/MD5: 1740524 0b98e950e59c538333716ee939710150
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_powerpc.deb
Size/MD5: 865778 d1e44ecc73dea8a8a11cd4d6b7c38abf
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_powerpc.deb
Size/MD5: 984342 a3ff875c30b6721a1d6dd59d9a6393e0
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_sparc.udeb
Size/MD5: 531126 7f598ce48b981eece01e0a1044bbdcc5
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_sparc.deb
Size/MD5: 2099640 38d18490bd40fcc6ee127965e460e6aa
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_sparc.deb
Size/MD5: 3977666 f532337b8bc186ee851d69f8af8f7fe3
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_sparc.deb
Size/MD5: 2101356 501fd6e860368e3682f9d6035ed3413d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_sparc.deb
Size/MD5: 992232 52bd2a78e8d2452fbe873658433fbe45
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.diff.gz
Size/MD5: 73984 2e4386a45d0f3a7e3bbf13f1cd4f62fb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.dsc
Size/MD5: 1563 40d181ca10759fb3d78a24d3b61d6055
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz
Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.13_all.deb
Size/MD5: 631720 68f4c61790241e78736eb6a2c2280a0d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_amd64.udeb
Size/MD5: 604222 f1aeb30abc9ff9f73749dced0982c312
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_amd64.deb
Size/MD5: 2084282 472728da8f3b8474d23e128ab686b777
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_amd64.deb
Size/MD5: 1621532 4aad22d7f98d57f9d582123f354bb499
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_amd64.deb
Size/MD5: 941454 fbeb5e8cc138872158931bbde0be2336
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_amd64.deb
Size/MD5: 392758 e337373509761ee9c3e54d26c3867cd6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_i386.udeb
Size/MD5: 564986 a9cfb58458322b5c3253f5f21fcdff83
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_i386.deb
Size/MD5: 1951390 187734df71deb12de0aa6ba3da3ddfb2
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_i386.deb
Size/MD5: 5415092 1919e018dc2473d10f05626cfdd4385a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_i386.deb
Size/MD5: 2859870 7b5ef116df18489408becd21d9d52649
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_i386.deb
Size/MD5: 387802 2fb486f8f17dfc6d384e54465f66f8a9
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_lpia.udeb
Size/MD5: 535616 d196d8b0dc3d0c9864862f88a400f46e
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_lpia.deb
Size/MD5: 1932070 bc1a33e24ce141477caf0a4145d10284
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_lpia.deb
Size/MD5: 1532992 6e69c3e3520bafbdbfbf2ff09a822530
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_lpia.deb
Size/MD5: 852392 07d0adb80cd03837fd9d8ecbda86ea09
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_lpia.deb
Size/MD5: 392096 c90b67fc5dbc0353a60b840ccdd632bd
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_powerpc.udeb
Size/MD5: 610446 e5db78f8999ea4da0e5ac1b6fdc35618
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_powerpc.deb
Size/MD5: 2091338 70f449d9738b0a05d293d97facb87f5e
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_powerpc.deb
Size/MD5: 1658830 5dba0f3b3eb2e8ecc9953a5eba7e9339
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_powerpc.deb
Size/MD5: 953732 406c11752e6a69cea4f7c65e5c23f2bb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_powerpc.deb
Size/MD5: 401076 c7572a53be4971e4537e1a3c52497a85
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_sparc.udeb
Size/MD5: 559792 69edc52b1e3b34fcb302fc7a9504223e
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_sparc.deb
Size/MD5: 1995782 dbf2c667cf2be687693d435e52959cfa
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_sparc.deb
Size/MD5: 3927018 4a16b21b3e212031f4bd6e618197f8e2
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_sparc.deb
Size/MD5: 2264418 d0e9ea2c9df5406bf0b94746ce34a189
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_sparc.deb
Size/MD5: 400272 6adb67ab18511683369b980fddb15e94
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.diff.gz
Size/MD5: 75247 09b8215b07ab841c39f8836ca47ee01d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.dsc
Size/MD5: 2078 0f11b8b1f104fdd3b7ef98b8f289e57a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz
Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-16ubuntu3.5_all.deb
Size/MD5: 642466 eecc336759fa7b99eaed2ef541499e97
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_amd64.udeb
Size/MD5: 628186 29b1c5d8b32a0678a48d0a89556508e3
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_amd64.deb
Size/MD5: 2119392 d6862813a343ee9472b90f7139e7dc48
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_amd64.deb
Size/MD5: 1642856 2d76609a9262f9b5f2784c23e451baff
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_amd64.deb
Size/MD5: 967526 afc32aefadd062851e456216d11d5a97
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_amd64.deb
Size/MD5: 402562 5aa66b898f890baac5194ada999ab1d3
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_i386.udeb
Size/MD5: 571494 c6ac5d5bce8786699abf9fd852c46393
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_i386.deb
Size/MD5: 1979806 bdeb6615f192f714451544068c74812d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_i386.deb
Size/MD5: 5630550 f26ccb94e593f7086a4e3b71cff68e3f
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_i386.deb
Size/MD5: 2927046 5e0b91471526f867012b362cdcda1068
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_i386.deb
Size/MD5: 397776 07f6c0d04be2bd89d8e40fd8c13285bc
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_armel.udeb
Size/MD5: 541448 2491f890b8dd2e0a93416d423ec5cc1b
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_armel.deb
Size/MD5: 1965226 20c3261921cd9d235ed2647f0756b045
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_armel.deb
Size/MD5: 1540070 9ffa955952e4d670ad29a9b39243d629
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_armel.deb
Size/MD5: 856998 0be4e4cd43bed15fc8363a879bf58c39
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_armel.deb
Size/MD5: 393692 802f3c5abea68a6054febb334452a7c0
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_lpia.udeb
Size/MD5: 547524 6c19d36e99270da89d4adf0f76bdb0eb
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_lpia.deb
Size/MD5: 1957254 5ee4cfcae8860529992874afc9f325fb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_lpia.deb
Size/MD5: 1590464 11e400cf0cc2c2e465adaecc9d477c75
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_lpia.deb
Size/MD5: 868712 06e54b85b80b5f367bde9743d1aedbff
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_lpia.deb
Size/MD5: 399902 0efbc32f3738c140b1c3efe2b1113aeb
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_powerpc.udeb
Size/MD5: 619104 e40b223ab89356348cf4c1de46bd8d77
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_powerpc.deb
Size/MD5: 2115846 01770253efeca9c2f7c5e432c6d6bf95
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_powerpc.deb
Size/MD5: 1697564 24d665973abab4ecbe08813d226556f2
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_powerpc.deb
Size/MD5: 951140 f59e1d23b2b21412d8f068b0475fe773
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_powerpc.deb
Size/MD5: 399376 3703f492fe145305ee7766e2a0d52c5c
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_sparc.udeb
Size/MD5: 563630 1df247a9584dbeb62fffde7b42c21a2f
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_sparc.deb
Size/MD5: 2008260 d79476e6fa043ad83bd12fe9531f8b22
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_sparc.deb
Size/MD5: 3995256 b60bf440e4e598947db86c4bf020e6fa
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_sparc.deb
Size/MD5: 2283532 0799ba2774806fead522ef6972cde580
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_sparc.deb
Size/MD5: 409314 82165b0cf05d27e318f0d64df876f8f8
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.diff.gz
Size/MD5: 112331 02b0f3bdc024b25dc2cb168628a42dac
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.dsc
Size/MD5: 2102 de69229286f2c7eb52183e2ededb0a48
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz
Size/MD5: 3852259 e555c6d58d276aec7fdc53363e338ab3
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.5_all.deb
Size/MD5: 640566 023f6b5527052d0341c40cbbf64f8e54
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb
Size/MD5: 630234 2d2c5a442d4d2abc2e49feaef783c710
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_amd64.deb
Size/MD5: 2143676 c9bf70ec94df02a89d99591471e44787
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_amd64.deb
Size/MD5: 1650636 485f318a2457012aa489823e87d4f9b1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb
Size/MD5: 136130 e16feacb49a52ef72aa69da4f63718a8
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_amd64.deb
Size/MD5: 979624 6a0c5f93f6371c4b41c0bccbc1e9b217
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_amd64.deb
Size/MD5: 406378 2aee12190747b060f4ad6bfd3a182bd6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb
Size/MD5: 582640 ce87be9268c6ce3550bb7935460b3976
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_i386.deb
Size/MD5: 2006462 cb6fe50961fe89ee67f0c13c26d424f5
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_i386.deb
Size/MD5: 5806248 7c21c1a2ea1ce8201904b2a99537cad6
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb
Size/MD5: 129708 77ff3896e3c541f1d9c0eb161c919882
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_i386.deb
Size/MD5: 3014932 4e61de0d021f49ac5fc2884d2d252854
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_i386.deb
Size/MD5: 400398 7654a219a640549e8d34bb91e34a815b
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb
Size/MD5: 532306 9a4d5169e5e3429581bb16d6e61e334a
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_armel.deb
Size/MD5: 1935426 fb725096f798314e1cd76248599ec61a
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_armel.deb
Size/MD5: 1624382 6833d33bed6fbe0ad61d8615d56089f7
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb
Size/MD5: 115630 55449ab904a6b52402a3cd88b763f384
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_armel.deb
Size/MD5: 849068 ace9af9701bd1aa8078f8371bb5a1249
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_armel.deb
Size/MD5: 394182 198be7154104014118c0bee633ad3524
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb
Size/MD5: 627050 1057f1e1b4c7fb2129064149fdc15e7e
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_powerpc.deb
Size/MD5: 2147452 41e5eb249a3a2619d0add96808c9e6e4
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_powerpc.deb
Size/MD5: 1718790 6161e426e833e984a2dbe5fbae29ceec
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb
Size/MD5: 135530 26aba12ee4ba7caff0f2653c12318e92
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_powerpc.deb
Size/MD5: 969544 822b91a90cf91650f12a3ce9200e9dc0
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_powerpc.deb
Size/MD5: 402878 79e80d92494b2f74241edcd18ba6f994
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb
Size/MD5: 597964 a4e6860a52c0681b36b1ca553bccd805
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_sparc.deb
Size/MD5: 2065638 05c803f4fd599d46162db5de530236f5
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_sparc.deb
Size/MD5: 4094390 8a1251f546bf8e449fe2952b25029f53
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb
Size/MD5: 125862 75b8bdc987cf37a65d73b31c74c664ee
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_sparc.deb
Size/MD5: 2353876 6ef537e63f9551a927f52cc87befbc60
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_sparc.deb
Size/MD5: 419348 b17aeb96b578e199d33b02c5eab2ae19
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.debian.tar.gz
Size/MD5: 92255 055df7f147cbad0066f88a0f2fa62cf5
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.dsc
Size/MD5: 2118 8a81f824f312fb4033e1ab28a27ff99e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o.orig.tar.gz
Size/MD5: 3772542 63ddc5116488985e820075e65fbe6aa4
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8o-1ubuntu4.3_all.deb
Size/MD5: 645798 04eb700e0335d703bd6f610688bc3374
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb
Size/MD5: 620316 df1d96cf5dbe9ea0b5ab1ef6f09b9194
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_amd64.deb
Size/MD5: 2159884 a8fc3df0bf6af3350fe8f304eb29d90d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_amd64.deb
Size/MD5: 1550444 f51ab29ef9e5e2636eb9b943d6e1d4b1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb
Size/MD5: 137384 72d04c14a09c287978aec689872bde8c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_amd64.deb
Size/MD5: 923380 91e5f4df1c1e011ee449ff6424ecb832
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_amd64.deb
Size/MD5: 406978 e9a055390d250ffc516518b53bb8bb36
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb
Size/MD5: 570730 42ed7f9d05ca2b4d260cb3eb07832306
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_i386.deb
Size/MD5: 2012542 2132edd3a3e0eecd04efd4645b8f583f
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_i386.deb
Size/MD5: 1553718 a842382c89c5a0ad0a88f979b9ffbd7e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb
Size/MD5: 130462 4d2506b23b5abfa3be3e7fb8543c8d70
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_i386.deb
Size/MD5: 866348 3c2ea45d798374c21b800dcf59d0a4c1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_i386.deb
Size/MD5: 400064 b1b5e14e431ae7c6c5fad917f6ce596f
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb
Size/MD5: 566054 5561d1894ad32ac689593ddd4b4a0609
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_armel.deb
Size/MD5: 2012710 fd1d0612b6a89b26b0d32c72087538fd
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_armel.deb
Size/MD5: 1542334 7609e92dc5d8d3030a65f4be81b862b2
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb
Size/MD5: 120434 8d289d3446bdcdc8c297066608e72322
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_armel.deb
Size/MD5: 851396 f5c3eb4c55ef9a9985a88bbaed3ec2ca
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_armel.deb
Size/MD5: 406412 3bd3e64fd628b294b6ea47eb5f3c6a27
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb
Size/MD5: 616138 19c9d86e43e2680921dd0a726a4dc955
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_powerpc.deb
Size/MD5: 2154670 b22a1c4b9b05a87ab3b3ad494d5627f6
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_powerpc.deb
Size/MD5: 1618586 3b2e33b46a007144b61c2469c7a2cbc7
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb
Size/MD5: 136044 37e9e3fdc5d3dd5a9f931f33e523074e
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_powerpc.deb
Size/MD5: 917582 674b2479c79c72b479f91433a34cb0fb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_powerpc.deb
Size/MD5: 402026 a9001ad881ad996d844b12bd7d427d76
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02824483 Version: 1
HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-05-05 Last Updated: 2011-05-05
Potential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses.
References: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS v 1.4 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these vulnerabilities.
HP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
HISTORY Version:1 (rev.1) - 5 May 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk3C8qwACgkQ4B86/C0qfVmTyACeI0cAPKAuu2dSVEZs1P0A/HP1 nR4An0Fi+F9yPWsVHhM8pkgrG376ShnM =DCj7 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01
http://security.gentoo.org/
Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01
Synopsis
Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.0e >= 1.0.0e
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Impact
A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.
References
[ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2141-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch January 06, 2011 http://www.debian.org/security/faq
Package : openssl Vulnerability : SSL/TLS insecure renegotiation protocol design flaw Problem type : remote Debian-specific: no CVE ID : CVE-2009-3555 CVE-2010-4180 Debian Bug : 555829
CVE-2009-3555:
Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue.
If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation.
This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable.
Currently we are not aware of other software with similar compatibility problems.
CVE-2010-4180:
In addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite.
For the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny11.
For the unstable distribution (sid), and the testing distribution (squeeze), this problem has been fixed in version 0.9.8o-4.
We recommend that you upgrade your openssl package.
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
Updated Packages:
Mandriva Linux 2009.0: a4b19ac2810b464392bb2f3b5292fe67 2009.0/i586/libopenssl0.9.8-0.9.8h-3.9mdv2009.0.i586.rpm 6169959e4a5f0acbdab7269ac99baa8d 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.9mdv2009.0.i586.rpm 64195ec5f2e7868a49c280d3a32168cd 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.9mdv2009.0.i586.rpm 7a1c151567d7f9d364a79ecd63322d47 2009.0/i586/openssl-0.9.8h-3.9mdv2009.0.i586.rpm 6e96fc588f1921571046fbc14928e5a1 2009.0/SRPMS/openssl-0.9.8h-3.9mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: a77409f3bedc0446f8eda39281dbf7a4 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.9mdv2009.0.x86_64.rpm feffaacd70224326c3582eb93156864b 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.9mdv2009.0.x86_64.rpm e2cb3f77f36b8b0a6ca214861bf79be3 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.9mdv2009.0.x86_64.rpm d6e667e012727d34442e23f91b005b40 2009.0/x86_64/openssl-0.9.8h-3.9mdv2009.0.x86_64.rpm 6e96fc588f1921571046fbc14928e5a1 2009.0/SRPMS/openssl-0.9.8h-3.9mdv2009.0.src.rpm
Mandriva Linux 2010.0: 86223cb60de3ea76f185425da6b299f2 2010.0/i586/libopenssl0.9.8-0.9.8k-5.4mdv2010.0.i586.rpm 7624aa325a944ee5f4898dfd3a1c4340 2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.4mdv2010.0.i586.rpm 95ac866a31973ccf4c2e6d04012e7e67 2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.4mdv2010.0.i586.rpm 445c417e7de8145daefedf113b343ff5 2010.0/i586/openssl-0.9.8k-5.4mdv2010.0.i586.rpm 27fc76be287e1cd06adb2725df0c4167 2010.0/SRPMS/openssl-0.9.8k-5.4mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 391cb84677230e2c39708db0797b2e87 2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.4mdv2010.0.x86_64.rpm 7f251668cfd04bd1e2a634030c28929f 2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.4mdv2010.0.x86_64.rpm 9110c45d54ce48c4ad0c8fe231f7f027 2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.4mdv2010.0.x86_64.rpm 43e7eae967aad5b140eed29dab277aa2 2010.0/x86_64/openssl-0.9.8k-5.4mdv2010.0.x86_64.rpm 27fc76be287e1cd06adb2725df0c4167 2010.0/SRPMS/openssl-0.9.8k-5.4mdv2010.0.src.rpm
Mandriva Linux 2010.1: 9cf211d5095ca7a5a82aa980d4eebd5d 2010.1/i586/libopenssl1.0.0-1.0.0a-1.6mdv2010.1.i586.rpm 788019361b199d0b6a0f3331294ac154 2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.6mdv2010.1.i586.rpm b2372b8919a8ab458ade4ce47080f7ff 2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.6mdv2010.1.i586.rpm cd5929de815b6eec25d1d683f4363db0 2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.6mdv2010.1.i586.rpm 60fee57d944361e4fa369412c71a59a9 2010.1/i586/openssl-1.0.0a-1.6mdv2010.1.i586.rpm 2f28a567af2f44df1fbac7006d27db5d 2010.1/SRPMS/openssl-1.0.0a-1.6mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64: ab021cadcaa131053ba5ac3940298f86 2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.6mdv2010.1.x86_64.rpm a2119fefbe8cfb649e88b3faf85ffba1 2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.6mdv2010.1.x86_64.rpm 067878d8ff9ec0002c0a7653a1b87b05 2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.6mdv2010.1.x86_64.rpm 60a8142259ee202b6327e8a2c0f86755 2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.6mdv2010.1.x86_64.rpm a4c77c129fd43f7918075fadf461fe8b 2010.1/x86_64/openssl-1.0.0a-1.6mdv2010.1.x86_64.rpm 2f28a567af2f44df1fbac7006d27db5d 2010.1/SRPMS/openssl-1.0.0a-1.6mdv2010.1.src.rpm
Corporate 4.0: 3f7610ee9ee7aa4b8d1ed3997e28d09b corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.13.20060mlcs4.i586.rpm 25a4686ef5ca8302eebf2f1b4fe67e35 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.13.20060mlcs4.i586.rpm c5f5a562293eae123b05a96d3ba663d7 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.13.20060mlcs4.i586.rpm e50aac28cc844b0184f3203bb34fa682 corporate/4.0/i586/openssl-0.9.7g-2.13.20060mlcs4.i586.rpm 646cced4e21e4bf657254040ddbc1a47 corporate/4.0/SRPMS/openssl-0.9.7g-2.13.20060mlcs4.src.rpm
Corporate 4.0/X86_64: f68f167e440886222c949078044281eb corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.13.20060mlcs4.x86_64.rpm ab7cc2cc749717199afb25c094035945 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.13.20060mlcs4.x86_64.rpm f7f9a378a4e77af084330d2206c86e5e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.13.20060mlcs4.x86_64.rpm fdcc7edc730c1ec56424328cefcbdfae corporate/4.0/x86_64/openssl-0.9.7g-2.13.20060mlcs4.x86_64.rpm 646cced4e21e4bf657254040ddbc1a47 corporate/4.0/SRPMS/openssl-0.9.7g-2.13.20060mlcs4.src.rpm
Mandriva Enterprise Server 5: 09c73809185dfb05bd8545e46bb8b215 mes5/i586/libopenssl0.9.8-0.9.8h-3.9mdvmes5.1.i586.rpm cefb1c9e7fbc54ef678c3cbb16fb4983 mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.9mdvmes5.1.i586.rpm 1f1810faa0ec3f1cf298882752826903 mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.9mdvmes5.1.i586.rpm 48ce5b2ac3e114dd33d8274d01baf357 mes5/i586/openssl-0.9.8h-3.9mdvmes5.1.i586.rpm 487d48389d5b8bd2486e29f052749651 mes5/SRPMS/openssl-0.9.8h-3.9mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64: 4ad42bf2e7beae5a935649df07c000e6 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.9mdvmes5.1.x86_64.rpm 709be621d6080125c051d9793cb92b26 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.9mdvmes5.1.x86_64.rpm 000098b8f9b1778bcb3ff01b504e697b mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.9mdvmes5.1.x86_64.rpm ab35ec2ae8b1482722baee700b16f121 mes5/x86_64/openssl-0.9.8h-3.9mdvmes5.1.x86_64.rpm 487d48389d5b8bd2486e29f052749651 mes5/SRPMS/openssl-0.9.8h-3.9mdvmes5.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201012-0193",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "lt",
"trust": 1.8,
"vendor": "openssl",
"version": "0.9.8q"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.8,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "9"
},
{
"model": "esx",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "esx",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "esx",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.1"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.2"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "14"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "13"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.3"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.9.2"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "efi",
"version": null
},
{
"model": "esx",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "3.0.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.7"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"model": "cacheflow",
"scope": "lt",
"trust": 0.8,
"vendor": "blue coat",
"version": "2.1.4.7"
},
{
"model": "director",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "packetshaper",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "policycenter",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "proxyav",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "reporter",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "proxyone",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "proxysg",
"scope": "lt",
"trust": 0.8,
"vendor": "blue coat",
"version": "6.1.2.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.2b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.3.3"
},
{
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.4.3"
},
{
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "integrated lights out",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "21.16"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.4"
},
{
"model": "hat jboss enterprise web server for rhel as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "41.0"
},
{
"model": "coat systems proxyav",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.2"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"model": "hat jboss enterprise web server for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "61.0"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.6"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "syslog-ng premium edition 3.2.1a",
"scope": null,
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.7"
},
{
"model": "project openssl b-36.8",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "coat systems proxyav",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.2.6.1"
},
{
"model": "hat enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.6"
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "coat systems cacheflow",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "2.1.47"
},
{
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "coat systems policy center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.6"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.11"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.2"
},
{
"model": "coat systems proxyav",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.4.8"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "integrated lights out",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "32.05"
},
{
"model": "edirectory sp6 patch",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "8.83"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"model": "project openssl 1.0.0c",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "hat jboss enterprise web server for rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "red",
"version": "61.0.2"
},
{
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "edirectory sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.8"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.4.8"
},
{
"model": "coat systems proxyav",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.4.2"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "edirectory sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.8"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "ssl for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.3"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "coat systems proxyone",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"model": "hat enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.32"
},
{
"model": "intuity audix lx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5300-06"
},
{
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.31"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "edirectory sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.8"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5200-10"
},
{
"model": "syslog-ng premium edition 3.2.1b",
"scope": "ne",
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"model": "coat systems packetshaper",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "8.7.1"
},
{
"model": "hat jboss enterprise web server for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "51.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.6"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.4"
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "syslog-ng premium edition 3.0.7a",
"scope": "ne",
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "hat jboss enterprise web server for solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "red",
"version": "1.0.2"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "coat systems policy center",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "8.7.1"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.6.1"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.1"
},
{
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.9"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "hat jboss enterprise web server for rhel es",
"scope": "ne",
"trust": 0.3,
"vendor": "red",
"version": "41.0.2"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "hat jboss enterprise web server for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "red",
"version": "1.0.2"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "ssl for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.12"
},
{
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "aix l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "syslog-ng premium edition 4.0.1a",
"scope": "ne",
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.8.7"
},
{
"model": "coat systems policy center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.7"
},
{
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"model": "hat jboss enterprise web server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5.0"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.4"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "edirectory sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.8"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "coat systems proxyav",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.4.2.3"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "4.0.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.3"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "hat jboss enterprise web server for rhel as",
"scope": "ne",
"trust": 0.3,
"vendor": "red",
"version": "41.0.2"
},
{
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.3.2"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux enterprise teradata sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.7"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "hat enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat jboss enterprise web server for rhel server",
"scope": "ne",
"trust": 0.3,
"vendor": "red",
"version": "51.0.2"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.3"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "hat jboss enterprise web server for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "1.0"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"model": "coat systems proxysg",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "6.1.21"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.1.6"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.5"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "coat systems proxyav",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.2.6.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "hat jboss enterprise web server for rhel es",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "41.0"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.8"
},
{
"model": "hat enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "intuity audix lx sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "ssl for openvms",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.4-453"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "coat systems cacheflow",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.1.46"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.10"
},
{
"model": "edirectory sp5 patch",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.84"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "aix l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.10"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "insight control",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "edirectory sp4 ftf1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.8"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "edirectory sp5 ftf1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.8"
},
{
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "hat jboss enterprise web server for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "1.0"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "edirectory sp3 ftf3",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.8"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.2"
},
{
"model": "aix l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.21"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.4"
},
{
"model": "jboss enterprise web server el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "edirectory sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.8"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#737740"
},
{
"db": "BID",
"id": "45164"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-062"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002548"
},
{
"db": "NVD",
"id": "CVE-2010-4180"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:esx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bluecoat:cacheflow",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:bluecoat:director",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:bluecoat:packetshaper",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bluecoat:policycenter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:bluecoat:proxyav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bluecoat:reporter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:bluecoat:proxyone",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:bluecoat:proxysg",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_hpc_node",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002548"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martin Rex",
"sources": [
{
"db": "BID",
"id": "45164"
}
],
"trust": 0.3
},
"cve": "CVE-2010-4180",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-4180",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-4180",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-4180",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201012-062",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2010-4180",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-4180"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-062"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002548"
},
{
"db": "NVD",
"id": "CVE-2010-4180"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a security weakness that may allow attackers to downgrade the ciphersuite. \nSuccessfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information or gain unauthorized access to an affected application that uses OpenSSL. \nReleases prior to OpenSSL 1.0.0c are affected. ===========================================================\nUbuntu Security Notice USN-1029-1 December 08, 2010\nopenssl vulnerabilities\nCVE-2008-7270, CVE-2010-4180\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 9.10\nUbuntu 10.04 LTS\nUbuntu 10.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n libssl0.9.8 0.9.8a-7ubuntu0.14\n\nUbuntu 8.04 LTS:\n libssl0.9.8 0.9.8g-4ubuntu3.13\n\nUbuntu 9.10:\n libssl0.9.8 0.9.8g-16ubuntu3.5\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.5\n\nUbuntu 10.10:\n libssl0.9.8 0.9.8o-1ubuntu4.3\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nDetails follow:\n\nIt was discovered that an old bug workaround in the SSL/TLS\nserver code allowed an attacker to modify the stored session cache\nciphersuite. (CVE-2010-4180)\n\nIt was discovered that an old bug workaround in the SSL/TLS server\ncode allowed allowed an attacker to modify the stored session cache\nciphersuite. An attacker could possibly take advantage of this to\nforce the use of a disabled cipher. This vulnerability only affects\nthe versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and\nUbuntu 9.10. (CVE-2008-7270)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.diff.gz\n Size/MD5: 67296 3de8e480bcec0653b94001366e2f1f27\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.dsc\n Size/MD5: 1465 a5f93020840f693044eb64af528fd01e\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz\n Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_amd64.udeb\n Size/MD5: 572012 b3792d19d5f7783929e473b6eb1e239c\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_amd64.deb\n Size/MD5: 2181644 746b74e9b6c42731ff2021c396789708\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_amd64.deb\n Size/MD5: 1696628 abe942986698bf86938312c5e344e0ba\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_amd64.deb\n Size/MD5: 880292 9d6d854dcef14c90ce24c1aa232a418a\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_amd64.deb\n Size/MD5: 998466 9c51c334fd6c0b7c7b73340a01af61c8\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_i386.udeb\n Size/MD5: 509644 e1617d062d546f7dad2298bf6463bc3c\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_i386.deb\n Size/MD5: 2031000 6755c67294ab2ff03255a3bf7079ab26\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_i386.deb\n Size/MD5: 5195206 37fcd0cdefd012f0ea7d79d0e6a1b48f\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_i386.deb\n Size/MD5: 2660326 9083ddc71b89e4f4e95c4ca999bcedba\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_i386.deb\n Size/MD5: 979408 518eaad303d089ab7dcc1b89fd019f19\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_powerpc.udeb\n Size/MD5: 558018 0e94d5f570a83f4b41bef642e032c256\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_powerpc.deb\n Size/MD5: 2189034 6588292725cfa33c8d56a61c3d8120b1\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_powerpc.deb\n Size/MD5: 1740524 0b98e950e59c538333716ee939710150\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_powerpc.deb\n Size/MD5: 865778 d1e44ecc73dea8a8a11cd4d6b7c38abf\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_powerpc.deb\n Size/MD5: 984342 a3ff875c30b6721a1d6dd59d9a6393e0\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_sparc.udeb\n Size/MD5: 531126 7f598ce48b981eece01e0a1044bbdcc5\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_sparc.deb\n Size/MD5: 2099640 38d18490bd40fcc6ee127965e460e6aa\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_sparc.deb\n Size/MD5: 3977666 f532337b8bc186ee851d69f8af8f7fe3\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_sparc.deb\n Size/MD5: 2101356 501fd6e860368e3682f9d6035ed3413d\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_sparc.deb\n Size/MD5: 992232 52bd2a78e8d2452fbe873658433fbe45\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.diff.gz\n Size/MD5: 73984 2e4386a45d0f3a7e3bbf13f1cd4f62fb\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.dsc\n Size/MD5: 1563 40d181ca10759fb3d78a24d3b61d6055\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz\n Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.13_all.deb\n Size/MD5: 631720 68f4c61790241e78736eb6a2c2280a0d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_amd64.udeb\n Size/MD5: 604222 f1aeb30abc9ff9f73749dced0982c312\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_amd64.deb\n Size/MD5: 2084282 472728da8f3b8474d23e128ab686b777\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_amd64.deb\n Size/MD5: 1621532 4aad22d7f98d57f9d582123f354bb499\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_amd64.deb\n Size/MD5: 941454 fbeb5e8cc138872158931bbde0be2336\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_amd64.deb\n Size/MD5: 392758 e337373509761ee9c3e54d26c3867cd6\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_i386.udeb\n Size/MD5: 564986 a9cfb58458322b5c3253f5f21fcdff83\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_i386.deb\n Size/MD5: 1951390 187734df71deb12de0aa6ba3da3ddfb2\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_i386.deb\n Size/MD5: 5415092 1919e018dc2473d10f05626cfdd4385a\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_i386.deb\n Size/MD5: 2859870 7b5ef116df18489408becd21d9d52649\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_i386.deb\n Size/MD5: 387802 2fb486f8f17dfc6d384e54465f66f8a9\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_lpia.udeb\n Size/MD5: 535616 d196d8b0dc3d0c9864862f88a400f46e\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_lpia.deb\n Size/MD5: 1932070 bc1a33e24ce141477caf0a4145d10284\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_lpia.deb\n Size/MD5: 1532992 6e69c3e3520bafbdbfbf2ff09a822530\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_lpia.deb\n Size/MD5: 852392 07d0adb80cd03837fd9d8ecbda86ea09\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_lpia.deb\n Size/MD5: 392096 c90b67fc5dbc0353a60b840ccdd632bd\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_powerpc.udeb\n Size/MD5: 610446 e5db78f8999ea4da0e5ac1b6fdc35618\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_powerpc.deb\n Size/MD5: 2091338 70f449d9738b0a05d293d97facb87f5e\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_powerpc.deb\n Size/MD5: 1658830 5dba0f3b3eb2e8ecc9953a5eba7e9339\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_powerpc.deb\n Size/MD5: 953732 406c11752e6a69cea4f7c65e5c23f2bb\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_powerpc.deb\n Size/MD5: 401076 c7572a53be4971e4537e1a3c52497a85\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_sparc.udeb\n Size/MD5: 559792 69edc52b1e3b34fcb302fc7a9504223e\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_sparc.deb\n Size/MD5: 1995782 dbf2c667cf2be687693d435e52959cfa\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_sparc.deb\n Size/MD5: 3927018 4a16b21b3e212031f4bd6e618197f8e2\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_sparc.deb\n Size/MD5: 2264418 d0e9ea2c9df5406bf0b94746ce34a189\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_sparc.deb\n Size/MD5: 400272 6adb67ab18511683369b980fddb15e94\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.diff.gz\n Size/MD5: 75247 09b8215b07ab841c39f8836ca47ee01d\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.dsc\n Size/MD5: 2078 0f11b8b1f104fdd3b7ef98b8f289e57a\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz\n Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-16ubuntu3.5_all.deb\n Size/MD5: 642466 eecc336759fa7b99eaed2ef541499e97\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_amd64.udeb\n Size/MD5: 628186 29b1c5d8b32a0678a48d0a89556508e3\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_amd64.deb\n Size/MD5: 2119392 d6862813a343ee9472b90f7139e7dc48\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_amd64.deb\n Size/MD5: 1642856 2d76609a9262f9b5f2784c23e451baff\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_amd64.deb\n Size/MD5: 967526 afc32aefadd062851e456216d11d5a97\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_amd64.deb\n Size/MD5: 402562 5aa66b898f890baac5194ada999ab1d3\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_i386.udeb\n Size/MD5: 571494 c6ac5d5bce8786699abf9fd852c46393\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_i386.deb\n Size/MD5: 1979806 bdeb6615f192f714451544068c74812d\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_i386.deb\n Size/MD5: 5630550 f26ccb94e593f7086a4e3b71cff68e3f\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_i386.deb\n Size/MD5: 2927046 5e0b91471526f867012b362cdcda1068\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_i386.deb\n Size/MD5: 397776 07f6c0d04be2bd89d8e40fd8c13285bc\n\n armel architecture (ARM Architecture):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_armel.udeb\n Size/MD5: 541448 2491f890b8dd2e0a93416d423ec5cc1b\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_armel.deb\n Size/MD5: 1965226 20c3261921cd9d235ed2647f0756b045\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_armel.deb\n Size/MD5: 1540070 9ffa955952e4d670ad29a9b39243d629\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_armel.deb\n Size/MD5: 856998 0be4e4cd43bed15fc8363a879bf58c39\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_armel.deb\n Size/MD5: 393692 802f3c5abea68a6054febb334452a7c0\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_lpia.udeb\n Size/MD5: 547524 6c19d36e99270da89d4adf0f76bdb0eb\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_lpia.deb\n Size/MD5: 1957254 5ee4cfcae8860529992874afc9f325fb\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_lpia.deb\n Size/MD5: 1590464 11e400cf0cc2c2e465adaecc9d477c75\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_lpia.deb\n Size/MD5: 868712 06e54b85b80b5f367bde9743d1aedbff\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_lpia.deb\n Size/MD5: 399902 0efbc32f3738c140b1c3efe2b1113aeb\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_powerpc.udeb\n Size/MD5: 619104 e40b223ab89356348cf4c1de46bd8d77\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_powerpc.deb\n Size/MD5: 2115846 01770253efeca9c2f7c5e432c6d6bf95\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_powerpc.deb\n Size/MD5: 1697564 24d665973abab4ecbe08813d226556f2\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_powerpc.deb\n Size/MD5: 951140 f59e1d23b2b21412d8f068b0475fe773\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_powerpc.deb\n Size/MD5: 399376 3703f492fe145305ee7766e2a0d52c5c\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_sparc.udeb\n Size/MD5: 563630 1df247a9584dbeb62fffde7b42c21a2f\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_sparc.deb\n Size/MD5: 2008260 d79476e6fa043ad83bd12fe9531f8b22\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_sparc.deb\n Size/MD5: 3995256 b60bf440e4e598947db86c4bf020e6fa\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_sparc.deb\n Size/MD5: 2283532 0799ba2774806fead522ef6972cde580\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_sparc.deb\n Size/MD5: 409314 82165b0cf05d27e318f0d64df876f8f8\n\nUpdated packages for Ubuntu 10.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.diff.gz\n Size/MD5: 112331 02b0f3bdc024b25dc2cb168628a42dac\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.dsc\n Size/MD5: 2102 de69229286f2c7eb52183e2ededb0a48\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz\n Size/MD5: 3852259 e555c6d58d276aec7fdc53363e338ab3\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.5_all.deb\n Size/MD5: 640566 023f6b5527052d0341c40cbbf64f8e54\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb\n Size/MD5: 630234 2d2c5a442d4d2abc2e49feaef783c710\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_amd64.deb\n Size/MD5: 2143676 c9bf70ec94df02a89d99591471e44787\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_amd64.deb\n Size/MD5: 1650636 485f318a2457012aa489823e87d4f9b1\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb\n Size/MD5: 136130 e16feacb49a52ef72aa69da4f63718a8\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_amd64.deb\n Size/MD5: 979624 6a0c5f93f6371c4b41c0bccbc1e9b217\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_amd64.deb\n Size/MD5: 406378 2aee12190747b060f4ad6bfd3a182bd6\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb\n Size/MD5: 582640 ce87be9268c6ce3550bb7935460b3976\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_i386.deb\n Size/MD5: 2006462 cb6fe50961fe89ee67f0c13c26d424f5\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_i386.deb\n Size/MD5: 5806248 7c21c1a2ea1ce8201904b2a99537cad6\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb\n Size/MD5: 129708 77ff3896e3c541f1d9c0eb161c919882\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_i386.deb\n Size/MD5: 3014932 4e61de0d021f49ac5fc2884d2d252854\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_i386.deb\n Size/MD5: 400398 7654a219a640549e8d34bb91e34a815b\n\n armel architecture (ARM Architecture):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb\n Size/MD5: 532306 9a4d5169e5e3429581bb16d6e61e334a\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_armel.deb\n Size/MD5: 1935426 fb725096f798314e1cd76248599ec61a\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_armel.deb\n Size/MD5: 1624382 6833d33bed6fbe0ad61d8615d56089f7\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb\n Size/MD5: 115630 55449ab904a6b52402a3cd88b763f384\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_armel.deb\n Size/MD5: 849068 ace9af9701bd1aa8078f8371bb5a1249\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_armel.deb\n Size/MD5: 394182 198be7154104014118c0bee633ad3524\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb\n Size/MD5: 627050 1057f1e1b4c7fb2129064149fdc15e7e\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_powerpc.deb\n Size/MD5: 2147452 41e5eb249a3a2619d0add96808c9e6e4\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_powerpc.deb\n Size/MD5: 1718790 6161e426e833e984a2dbe5fbae29ceec\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb\n Size/MD5: 135530 26aba12ee4ba7caff0f2653c12318e92\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_powerpc.deb\n Size/MD5: 969544 822b91a90cf91650f12a3ce9200e9dc0\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_powerpc.deb\n Size/MD5: 402878 79e80d92494b2f74241edcd18ba6f994\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb\n Size/MD5: 597964 a4e6860a52c0681b36b1ca553bccd805\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_sparc.deb\n Size/MD5: 2065638 05c803f4fd599d46162db5de530236f5\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_sparc.deb\n Size/MD5: 4094390 8a1251f546bf8e449fe2952b25029f53\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb\n Size/MD5: 125862 75b8bdc987cf37a65d73b31c74c664ee\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_sparc.deb\n Size/MD5: 2353876 6ef537e63f9551a927f52cc87befbc60\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_sparc.deb\n Size/MD5: 419348 b17aeb96b578e199d33b02c5eab2ae19\n\nUpdated packages for Ubuntu 10.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.debian.tar.gz\n Size/MD5: 92255 055df7f147cbad0066f88a0f2fa62cf5\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.dsc\n Size/MD5: 2118 8a81f824f312fb4033e1ab28a27ff99e\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o.orig.tar.gz\n Size/MD5: 3772542 63ddc5116488985e820075e65fbe6aa4\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8o-1ubuntu4.3_all.deb\n Size/MD5: 645798 04eb700e0335d703bd6f610688bc3374\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb\n Size/MD5: 620316 df1d96cf5dbe9ea0b5ab1ef6f09b9194\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_amd64.deb\n Size/MD5: 2159884 a8fc3df0bf6af3350fe8f304eb29d90d\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_amd64.deb\n Size/MD5: 1550444 f51ab29ef9e5e2636eb9b943d6e1d4b1\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb\n Size/MD5: 137384 72d04c14a09c287978aec689872bde8c\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_amd64.deb\n Size/MD5: 923380 91e5f4df1c1e011ee449ff6424ecb832\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_amd64.deb\n Size/MD5: 406978 e9a055390d250ffc516518b53bb8bb36\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb\n Size/MD5: 570730 42ed7f9d05ca2b4d260cb3eb07832306\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_i386.deb\n Size/MD5: 2012542 2132edd3a3e0eecd04efd4645b8f583f\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_i386.deb\n Size/MD5: 1553718 a842382c89c5a0ad0a88f979b9ffbd7e\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb\n Size/MD5: 130462 4d2506b23b5abfa3be3e7fb8543c8d70\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_i386.deb\n Size/MD5: 866348 3c2ea45d798374c21b800dcf59d0a4c1\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_i386.deb\n Size/MD5: 400064 b1b5e14e431ae7c6c5fad917f6ce596f\n\n armel architecture (ARM Architecture):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb\n Size/MD5: 566054 5561d1894ad32ac689593ddd4b4a0609\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_armel.deb\n Size/MD5: 2012710 fd1d0612b6a89b26b0d32c72087538fd\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_armel.deb\n Size/MD5: 1542334 7609e92dc5d8d3030a65f4be81b862b2\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb\n Size/MD5: 120434 8d289d3446bdcdc8c297066608e72322\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_armel.deb\n Size/MD5: 851396 f5c3eb4c55ef9a9985a88bbaed3ec2ca\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_armel.deb\n Size/MD5: 406412 3bd3e64fd628b294b6ea47eb5f3c6a27\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb\n Size/MD5: 616138 19c9d86e43e2680921dd0a726a4dc955\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_powerpc.deb\n Size/MD5: 2154670 b22a1c4b9b05a87ab3b3ad494d5627f6\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_powerpc.deb\n Size/MD5: 1618586 3b2e33b46a007144b61c2469c7a2cbc7\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb\n Size/MD5: 136044 37e9e3fdc5d3dd5a9f931f33e523074e\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_powerpc.deb\n Size/MD5: 917582 674b2479c79c72b479f91433a34cb0fb\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_powerpc.deb\n Size/MD5: 402026 a9001ad881ad996d844b12bd7d427d76\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824483\nVersion: 1\n\nHPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. \n\nReferences: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS v 1.4 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nHP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers:\nhttp://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk3C8qwACgkQ4B86/C0qfVmTyACeI0cAPKAuu2dSVEZs1P0A/HP1\nnR4An0Fi+F9yPWsVHhM8pkgrG376ShnM\n=DCj7\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201110-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: OpenSSL: Multiple vulnerabilities\n Date: October 09, 2011\n Bugs: #303739, #308011, #322575, #332027, #345767, #347623,\n #354139, #382069\n ID: 201110-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in OpenSSL, allowing for the\nexecution of arbitrary code and other attacks. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.0e \u003e= 1.0.0e\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker could cause a Denial of Service, possibly\nexecute arbitrary code, bypass intended key requirements, force the\ndowngrade to unintended ciphers, bypass the need for knowledge of\nshared secrets and successfully authenticate, bypass CRL validation, or\nobtain sensitive information in applications that use OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0e\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 17, 2011. It is likely that your system is\nalready no longer affected by most of these issues. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-3245\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245\n[ 2 ] CVE-2009-4355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355\n[ 3 ] CVE-2010-0433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433\n[ 4 ] CVE-2010-0740\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740\n[ 5 ] CVE-2010-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742\n[ 6 ] CVE-2010-1633\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633\n[ 7 ] CVE-2010-2939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939\n[ 8 ] CVE-2010-3864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864\n[ 9 ] CVE-2010-4180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180\n[ 10 ] CVE-2010-4252\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252\n[ 11 ] CVE-2011-0014\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014\n[ 12 ] CVE-2011-3207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207\n[ 13 ] CVE-2011-3210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2141-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJanuary 06, 2011 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : SSL/TLS insecure renegotiation protocol design flaw\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-3555 CVE-2010-4180\nDebian Bug : 555829\n\nCVE-2009-3555:\n\nMarsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS\nand SSLv3 protocols. If an attacker could perform a man in the middle\nattack at the start of a TLS connection, the attacker could inject\narbitrary content at the beginning of the user\u0027s session. This update\nadds backported support for the new RFC5746 renegotiation extension\nwhich fixes this issue. \n\nIf openssl is used in a server application, it will by default no\nlonger accept renegotiation from clients that do not support the\nRFC5746 secure renegotiation extension. A separate advisory will add\nRFC5746 support for nss, the security library used by the iceweasel\nweb browser. For apache2, there will be an update which allows to\nre-enable insecure renegotiation. \n\nThis version of openssl is not compatible with older versions of tor. \nYou have to use at least tor version 0.2.1.26-1~lenny+1, which has\nbeen included in the point release 5.0.7 of Debian stable. \n\nCurrently we are not aware of other software with similar compatibility\nproblems. \n\n\nCVE-2010-4180:\n \nIn addition, this update fixes a flaw that allowed a client to bypass\nrestrictions configured in the server for the used cipher suite. \n\n\nFor the stable distribution (lenny), this problem has been fixed\nin version 0.9.8g-15+lenny11. \n\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), this problem has been fixed in version 0.9.8o-4. \n\nWe recommend that you upgrade your openssl package. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n a4b19ac2810b464392bb2f3b5292fe67 2009.0/i586/libopenssl0.9.8-0.9.8h-3.9mdv2009.0.i586.rpm\n 6169959e4a5f0acbdab7269ac99baa8d 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.9mdv2009.0.i586.rpm\n 64195ec5f2e7868a49c280d3a32168cd 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.9mdv2009.0.i586.rpm\n 7a1c151567d7f9d364a79ecd63322d47 2009.0/i586/openssl-0.9.8h-3.9mdv2009.0.i586.rpm \n 6e96fc588f1921571046fbc14928e5a1 2009.0/SRPMS/openssl-0.9.8h-3.9mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n a77409f3bedc0446f8eda39281dbf7a4 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.9mdv2009.0.x86_64.rpm\n feffaacd70224326c3582eb93156864b 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.9mdv2009.0.x86_64.rpm\n e2cb3f77f36b8b0a6ca214861bf79be3 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.9mdv2009.0.x86_64.rpm\n d6e667e012727d34442e23f91b005b40 2009.0/x86_64/openssl-0.9.8h-3.9mdv2009.0.x86_64.rpm \n 6e96fc588f1921571046fbc14928e5a1 2009.0/SRPMS/openssl-0.9.8h-3.9mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n 86223cb60de3ea76f185425da6b299f2 2010.0/i586/libopenssl0.9.8-0.9.8k-5.4mdv2010.0.i586.rpm\n 7624aa325a944ee5f4898dfd3a1c4340 2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.4mdv2010.0.i586.rpm\n 95ac866a31973ccf4c2e6d04012e7e67 2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.4mdv2010.0.i586.rpm\n 445c417e7de8145daefedf113b343ff5 2010.0/i586/openssl-0.9.8k-5.4mdv2010.0.i586.rpm \n 27fc76be287e1cd06adb2725df0c4167 2010.0/SRPMS/openssl-0.9.8k-5.4mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 391cb84677230e2c39708db0797b2e87 2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.4mdv2010.0.x86_64.rpm\n 7f251668cfd04bd1e2a634030c28929f 2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.4mdv2010.0.x86_64.rpm\n 9110c45d54ce48c4ad0c8fe231f7f027 2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.4mdv2010.0.x86_64.rpm\n 43e7eae967aad5b140eed29dab277aa2 2010.0/x86_64/openssl-0.9.8k-5.4mdv2010.0.x86_64.rpm \n 27fc76be287e1cd06adb2725df0c4167 2010.0/SRPMS/openssl-0.9.8k-5.4mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 9cf211d5095ca7a5a82aa980d4eebd5d 2010.1/i586/libopenssl1.0.0-1.0.0a-1.6mdv2010.1.i586.rpm\n 788019361b199d0b6a0f3331294ac154 2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.6mdv2010.1.i586.rpm\n b2372b8919a8ab458ade4ce47080f7ff 2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.6mdv2010.1.i586.rpm\n cd5929de815b6eec25d1d683f4363db0 2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.6mdv2010.1.i586.rpm\n 60fee57d944361e4fa369412c71a59a9 2010.1/i586/openssl-1.0.0a-1.6mdv2010.1.i586.rpm \n 2f28a567af2f44df1fbac7006d27db5d 2010.1/SRPMS/openssl-1.0.0a-1.6mdv2010.1.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n ab021cadcaa131053ba5ac3940298f86 2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.6mdv2010.1.x86_64.rpm\n a2119fefbe8cfb649e88b3faf85ffba1 2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.6mdv2010.1.x86_64.rpm\n 067878d8ff9ec0002c0a7653a1b87b05 2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.6mdv2010.1.x86_64.rpm\n 60a8142259ee202b6327e8a2c0f86755 2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.6mdv2010.1.x86_64.rpm\n a4c77c129fd43f7918075fadf461fe8b 2010.1/x86_64/openssl-1.0.0a-1.6mdv2010.1.x86_64.rpm \n 2f28a567af2f44df1fbac7006d27db5d 2010.1/SRPMS/openssl-1.0.0a-1.6mdv2010.1.src.rpm\n\n Corporate 4.0:\n 3f7610ee9ee7aa4b8d1ed3997e28d09b corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.13.20060mlcs4.i586.rpm\n 25a4686ef5ca8302eebf2f1b4fe67e35 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.13.20060mlcs4.i586.rpm\n c5f5a562293eae123b05a96d3ba663d7 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.13.20060mlcs4.i586.rpm\n e50aac28cc844b0184f3203bb34fa682 corporate/4.0/i586/openssl-0.9.7g-2.13.20060mlcs4.i586.rpm \n 646cced4e21e4bf657254040ddbc1a47 corporate/4.0/SRPMS/openssl-0.9.7g-2.13.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n f68f167e440886222c949078044281eb corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.13.20060mlcs4.x86_64.rpm\n ab7cc2cc749717199afb25c094035945 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.13.20060mlcs4.x86_64.rpm\n f7f9a378a4e77af084330d2206c86e5e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.13.20060mlcs4.x86_64.rpm\n fdcc7edc730c1ec56424328cefcbdfae corporate/4.0/x86_64/openssl-0.9.7g-2.13.20060mlcs4.x86_64.rpm \n 646cced4e21e4bf657254040ddbc1a47 corporate/4.0/SRPMS/openssl-0.9.7g-2.13.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n 09c73809185dfb05bd8545e46bb8b215 mes5/i586/libopenssl0.9.8-0.9.8h-3.9mdvmes5.1.i586.rpm\n cefb1c9e7fbc54ef678c3cbb16fb4983 mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.9mdvmes5.1.i586.rpm\n 1f1810faa0ec3f1cf298882752826903 mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.9mdvmes5.1.i586.rpm\n 48ce5b2ac3e114dd33d8274d01baf357 mes5/i586/openssl-0.9.8h-3.9mdvmes5.1.i586.rpm \n 487d48389d5b8bd2486e29f052749651 mes5/SRPMS/openssl-0.9.8h-3.9mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 4ad42bf2e7beae5a935649df07c000e6 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.9mdvmes5.1.x86_64.rpm\n 709be621d6080125c051d9793cb92b26 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.9mdvmes5.1.x86_64.rpm\n 000098b8f9b1778bcb3ff01b504e697b mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.9mdvmes5.1.x86_64.rpm\n ab35ec2ae8b1482722baee700b16f121 mes5/x86_64/openssl-0.9.8h-3.9mdvmes5.1.x86_64.rpm \n 487d48389d5b8bd2486e29f052749651 mes5/SRPMS/openssl-0.9.8h-3.9mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4180"
},
{
"db": "CERT/CC",
"id": "VU#737740"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002548"
},
{
"db": "BID",
"id": "45164"
},
{
"db": "VULMON",
"id": "CVE-2010-4180"
},
{
"db": "PACKETSTORM",
"id": "96487"
},
{
"db": "PACKETSTORM",
"id": "101256"
},
{
"db": "PACKETSTORM",
"id": "105638"
},
{
"db": "PACKETSTORM",
"id": "97287"
},
{
"db": "PACKETSTORM",
"id": "96467"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-4180",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#737740",
"trust": 2.8
},
{
"db": "BID",
"id": "45164",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "42473",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2010-3120",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1024822",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "69565",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "43169",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42811",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42469",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "43172",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42571",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42493",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "43173",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44269",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "43170",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42620",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42877",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "43171",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0076",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3188",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0268",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3122",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0032",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3134",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU91284469",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002548",
"trust": 0.8
},
{
"db": "LENOVO",
"id": "LEN-24443",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201012-062",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2010-4180",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "96487",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101256",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105638",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "97287",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "96467",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#737740"
},
{
"db": "VULMON",
"id": "CVE-2010-4180"
},
{
"db": "BID",
"id": "45164"
},
{
"db": "PACKETSTORM",
"id": "96487"
},
{
"db": "PACKETSTORM",
"id": "101256"
},
{
"db": "PACKETSTORM",
"id": "105638"
},
{
"db": "PACKETSTORM",
"id": "97287"
},
{
"db": "PACKETSTORM",
"id": "96467"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-062"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002548"
},
{
"db": "NVD",
"id": "CVE-2010-4180"
}
]
},
"id": "VAR-201012-0193",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2025-12-22T20:00:34.784000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT4723",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4723"
},
{
"title": "openssl-0.9.8e-12.AXS3.7",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1324"
},
{
"title": "HPSBUX02638",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02737002"
},
{
"title": "2168",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2168"
},
{
"title": "20131",
"trust": 0.8,
"url": "http://cvs.openssl.org/chngview?cn=20131"
},
{
"title": "secadv_20101202",
"trust": 0.8,
"url": "http://openssl.org/news/secadv_20101202.txt"
},
{
"title": "RHSA-2010:0977",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0977.html"
},
{
"title": "RHSA-2010:0978",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0978.html"
},
{
"title": "RHSA-2010:0979",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0979.html"
},
{
"title": "SA53",
"trust": 0.8,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53"
},
{
"title": "cve_2010_4180_affects_openssl",
"trust": 0.8,
"url": "http://blogs.oracle.com/sunsecurity/entry/cve_2010_4180_affects_openssl"
},
{
"title": "Multiple OpenSSL vulnerabilities in Sun SPARC Enterprise M-series XCP Firmware",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun"
},
{
"title": "TLSA-2013-3",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2013/TLSA-2013-3j.html"
},
{
"title": "VMSA-2011-0013",
"trust": 0.8,
"url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2011-0013.html"
},
{
"title": "openssl_patchset_20131",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=35764"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1029-1"
},
{
"title": "Debian Security Advisories: DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1c00cc4c6dbe7bb057db61e10ff97d6d"
},
{
"title": "Symantec Security Advisories: SA53 : OpenSSL Ciphersuite Downgrade Attack (CVE-2010-4180)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=92a9a237511ca120aa4255feb5bdf611"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/hrbrmstr/internetdb "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-labs/awesome-security "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-4180"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-062"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002548"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002548"
},
{
"db": "NVD",
"id": "CVE-2010-4180"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2010/3120"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/42473"
},
{
"trust": 2.5,
"url": "http://osvdb.org/69565"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1024822"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/45164"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"trust": 1.7,
"url": "http://cvs.openssl.org/chngview?cn=20131"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462"
},
{
"trust": 1.7,
"url": "http://openssl.org/news/secadv_20101202.txt"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3122"
},
{
"trust": 1.7,
"url": "http://ubuntu.com/usn/usn-1029-1"
},
{
"trust": 1.7,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3134"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42493"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:248"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42469"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3188"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052027.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0979.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42620"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42571"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052315.html"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2011/dsa-2141"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42811"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0032"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0977.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0978.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42877"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0268"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/43171"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/43172"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/43169"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/43173"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/43170"
},
{
"trust": 1.7,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa53\u0026actp=list"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44269"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4723"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0896.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522176"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02794777"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18910"
},
{
"trust": 1.1,
"url": "http://w3.efi.com/fiery"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4180"
},
{
"trust": 0.8,
"url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64"
},
{
"trust": 0.8,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu976710"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91284469/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4180"
},
{
"trust": 0.6,
"url": "http://support.avaya.com/css/p8/documents/100124969"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/solutions/len-24443"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180"
},
{
"trust": 0.3,
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000107.html"
},
{
"trust": 0.3,
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000111.html"
},
{
"trust": 0.3,
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000108.html"
},
{
"trust": 0.3,
"url": "http://blogs.sun.com/security/entry/cve_2010_4180_affects_openssl"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=3426981"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03263573"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://www.openssl.org/news/secadv_20101202.txt\\"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2011-0013.html"
},
{
"trust": 0.3,
"url": "/archive/1/516801"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100124972"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100131810"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa53"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03024266\u0026ac.admitted=1320706848406.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02794777"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory2.asc"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100124969"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1029-1/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.debian.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-16ubuntu3.5_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_i386.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.5_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_armel.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_i386.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8o-1ubuntu4.3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_i386.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-7270"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.13_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_lpia.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_lpia.udeb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4252"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0742"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4355"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3207"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3864"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2939"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1633"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3210"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0740"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201110-01.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3245"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0433"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0014"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026products_id=490"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#737740"
},
{
"db": "VULMON",
"id": "CVE-2010-4180"
},
{
"db": "BID",
"id": "45164"
},
{
"db": "PACKETSTORM",
"id": "96487"
},
{
"db": "PACKETSTORM",
"id": "101256"
},
{
"db": "PACKETSTORM",
"id": "105638"
},
{
"db": "PACKETSTORM",
"id": "97287"
},
{
"db": "PACKETSTORM",
"id": "96467"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-062"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002548"
},
{
"db": "NVD",
"id": "CVE-2010-4180"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#737740"
},
{
"db": "VULMON",
"id": "CVE-2010-4180"
},
{
"db": "BID",
"id": "45164"
},
{
"db": "PACKETSTORM",
"id": "96487"
},
{
"db": "PACKETSTORM",
"id": "101256"
},
{
"db": "PACKETSTORM",
"id": "105638"
},
{
"db": "PACKETSTORM",
"id": "97287"
},
{
"db": "PACKETSTORM",
"id": "96467"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-062"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002548"
},
{
"db": "NVD",
"id": "CVE-2010-4180"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-18T00:00:00",
"db": "CERT/CC",
"id": "VU#737740"
},
{
"date": "2010-12-06T00:00:00",
"db": "VULMON",
"id": "CVE-2010-4180"
},
{
"date": "2010-12-02T00:00:00",
"db": "BID",
"id": "45164"
},
{
"date": "2010-12-08T19:24:47",
"db": "PACKETSTORM",
"id": "96487"
},
{
"date": "2011-05-10T00:44:30",
"db": "PACKETSTORM",
"id": "101256"
},
{
"date": "2011-10-09T16:42:00",
"db": "PACKETSTORM",
"id": "105638"
},
{
"date": "2011-01-06T16:22:22",
"db": "PACKETSTORM",
"id": "97287"
},
{
"date": "2010-12-08T18:39:21",
"db": "PACKETSTORM",
"id": "96467"
},
{
"date": "2010-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-062"
},
{
"date": "2010-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002548"
},
{
"date": "2010-12-06T21:05:48.687000",
"db": "NVD",
"id": "CVE-2010-4180"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#737740"
},
{
"date": "2022-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2010-4180"
},
{
"date": "2015-04-13T21:15:00",
"db": "BID",
"id": "45164"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-062"
},
{
"date": "2012-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002548"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-4180"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "101256"
},
{
"db": "PACKETSTORM",
"id": "96467"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-062"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL",
"sources": [
{
"db": "CERT/CC",
"id": "VU#737740"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201012-062"
}
],
"trust": 0.6
}
}
VAR-202106-1909
Vulnerability from variot - Updated: 2025-12-18 00:37NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. NGINX Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. NGINX has a security vulnerability before 1.13.6. The vulnerability stems from the fact that when the autoindex module encounters this file, it will cause an integer overflow. ========================================================================== Ubuntu Security Notice USN-5109-1 October 18, 2021
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
A security issue was fixed in nginx.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled files with certain modification dates. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: nginx 1.10.3-0ubuntu0.16.04.5+esm2
Ubuntu 14.04 ESM: nginx 1.4.6-1ubuntu3.9+esm3
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5109-1 CVE-2017-20005
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1909",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.13.6"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "nginx",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-015095"
},
{
"db": "NVD",
"id": "CVE-2017-20005"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "164541"
}
],
"trust": 0.1
},
"cve": "CVE-2017-20005",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-20005",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-394033",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-20005",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-20005",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-20005",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2017-20005",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-20005",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-378",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-394033",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394033"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015095"
},
{
"db": "NVD",
"id": "CVE-2017-20005"
},
{
"db": "NVD",
"id": "CVE-2017-20005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. NGINX Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. NGINX has a security vulnerability before 1.13.6. The vulnerability stems from the fact that when the autoindex module encounters this file, it will cause an integer overflow. ==========================================================================\nUbuntu Security Notice USN-5109-1\nOctober 18, 2021\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nA security issue was fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled files with\ncertain modification dates. A remote attacker could possibly\nuse this issue to cause a denial of service or other unspecified\nimpact. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n nginx 1.10.3-0ubuntu0.16.04.5+esm2\n\nUbuntu 14.04 ESM:\n nginx 1.4.6-1ubuntu3.9+esm3\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5109-1\n CVE-2017-20005\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-20005"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015095"
},
{
"db": "VULHUB",
"id": "VHN-394033"
},
{
"db": "PACKETSTORM",
"id": "164541"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-20005",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015095",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-378",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164541",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3462",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1974",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-394033",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394033"
},
{
"db": "PACKETSTORM",
"id": "164541"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015095"
},
{
"db": "NVD",
"id": "CVE-2017-20005"
}
]
},
"id": "VAR-202106-1909",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-394033"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-18T00:37:35.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "#1368\u00a0closed\u00a0defect\u00a0(fixed)",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-015095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394033"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015095"
},
{
"db": "NVD",
"id": "CVE-2017-20005"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210805-0006/"
},
{
"trust": 1.7,
"url": "http://nginx.org/en/changes"
},
{
"trust": 1.7,
"url": "https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf"
},
{
"trust": 1.7,
"url": "https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b"
},
{
"trust": 1.7,
"url": "https://trac.nginx.org/nginx/ticket/1368"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-20005"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3462"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164541/ubuntu-security-notice-usn-5109-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1974"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5109-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394033"
},
{
"db": "PACKETSTORM",
"id": "164541"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015095"
},
{
"db": "NVD",
"id": "CVE-2017-20005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-394033"
},
{
"db": "PACKETSTORM",
"id": "164541"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-378"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015095"
},
{
"db": "NVD",
"id": "CVE-2017-20005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-06T00:00:00",
"db": "VULHUB",
"id": "VHN-394033"
},
{
"date": "2021-10-18T14:55:13",
"db": "PACKETSTORM",
"id": "164541"
},
{
"date": "2021-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-378"
},
{
"date": "2022-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-015095"
},
{
"date": "2021-06-06T22:15:08.417000",
"db": "NVD",
"id": "CVE-2017-20005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-394033"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-378"
},
{
"date": "2022-02-22T07:06:00",
"db": "JVNDB",
"id": "JVNDB-2017-015095"
},
{
"date": "2025-12-05T15:15:49.443000",
"db": "NVD",
"id": "CVE-2017-20005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164541"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-378"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NGINX\u00a0 Integer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-015095"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-378"
}
],
"trust": 0.6
}
}
VAR-201707-1309
Vulnerability from variot - Updated: 2025-04-20 20:24Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to obtain sensitive information or may crash the application resulting in a denial-of-service condition. nginx 0.5.6 through 1.13.2 are vulnerable. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of the range filter modules.
For the oldstable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u5.
For the stable distribution (stretch), this problem has been fixed in version 1.10.3-1+deb9u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your nginx packages.
Ubuntu Security Notice USN-3352-1 July 13, 2017
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
nginx could be made to expose sensitive information over the network. A remote attacker could use this to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: nginx-common 1.10.3-1ubuntu3.1 nginx-core 1.10.3-1ubuntu3.1 nginx-extras 1.10.3-1ubuntu3.1 nginx-full 1.10.3-1ubuntu3.1 nginx-light 1.10.3-1ubuntu3.1
Ubuntu 16.10: nginx-common 1.10.1-0ubuntu1.3 nginx-core 1.10.1-0ubuntu1.3 nginx-extras 1.10.1-0ubuntu1.3 nginx-full 1.10.1-0ubuntu1.3 nginx-light 1.10.1-0ubuntu1.3
Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.2 nginx-core 1.10.3-0ubuntu0.16.04.2 nginx-extras 1.10.3-0ubuntu0.16.04.2 nginx-full 1.10.3-0ubuntu0.16.04.2 nginx-light 1.10.3-0ubuntu0.16.04.2
Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.8 nginx-core 1.4.6-1ubuntu3.8 nginx-extras 1.4.6-1ubuntu3.8 nginx-full 1.4.6-1ubuntu3.8 nginx-light 1.4.6-1ubuntu3.8
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: rh-nginx110-nginx security update Advisory ID: RHSA-2017:2538-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:2538 Issue date: 2017-08-28 CVE Names: CVE-2017-7529 =====================================================================
- Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)
Red Hat would like to thank the Nginx project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-7529 https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT Rf+yBkpEe91OHNNto3rboqM= =rlDh -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.13.0"
},
{
"model": "enterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "puppet",
"version": "2017.2.3"
},
{
"model": "enterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "puppet",
"version": "2017.1.1"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.13.2"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "enterprise",
"scope": "lt",
"trust": 1.0,
"vendor": "puppet",
"version": "2016.4.7"
},
{
"model": "enterprise",
"scope": "gte",
"trust": 1.0,
"vendor": "puppet",
"version": "2017.2.1"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.6"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.12.1"
},
{
"model": "enterprise",
"scope": "gte",
"trust": 1.0,
"vendor": "puppet",
"version": "2017.1.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.9,
"vendor": "nginx",
"version": "1.11.12"
},
{
"model": "nginx",
"scope": null,
"trust": 0.8,
"vendor": "igor sysoev",
"version": null
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.13.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.13.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.13.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.11.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.7.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.2.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.9.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.8.55"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.8.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.7.69"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6.39"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.2.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.0.0"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.13.3"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.12.1"
}
],
"sources": [
{
"db": "BID",
"id": "99534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "99534"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7529",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7529",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-115732",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7529",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7529",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7529",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-7529",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-563",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-115732",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-7529",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to obtain sensitive information or may crash the application resulting in a denial-of-service condition. \nnginx 0.5.6 through 1.13.2 are vulnerable. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of the range filter modules. \n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.6.2-5+deb8u5. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.10.3-1+deb9u1. \n\nFor the unstable distribution (sid), this problem will be fixed soon. \n\nWe recommend that you upgrade your nginx packages. \n==========================================================================\nUbuntu Security Notice USN-3352-1\nJuly 13, 2017\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to expose sensitive information over the network. A remote attacker could use this to expose\nsensitive information. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n nginx-common 1.10.3-1ubuntu3.1\n nginx-core 1.10.3-1ubuntu3.1\n nginx-extras 1.10.3-1ubuntu3.1\n nginx-full 1.10.3-1ubuntu3.1\n nginx-light 1.10.3-1ubuntu3.1\n\nUbuntu 16.10:\n nginx-common 1.10.1-0ubuntu1.3\n nginx-core 1.10.1-0ubuntu1.3\n nginx-extras 1.10.1-0ubuntu1.3\n nginx-full 1.10.1-0ubuntu1.3\n nginx-light 1.10.1-0ubuntu1.3\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.2\n nginx-core 1.10.3-0ubuntu0.16.04.2\n nginx-extras 1.10.3-0ubuntu0.16.04.2\n nginx-full 1.10.3-0ubuntu0.16.04.2\n nginx-light 1.10.3-0ubuntu0.16.04.2\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.8\n nginx-core 1.4.6-1ubuntu3.8\n nginx-extras 1.4.6-1ubuntu3.8\n nginx-full 1.4.6-1ubuntu3.8\n nginx-light 1.4.6-1ubuntu3.8\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2017:2538-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2538\nIssue date: 2017-08-28\nCVE Names: CVE-2017-7529 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and\nIMAP protocols, with a strong focus on high concurrency, performance and\nlow memory usage. A remote attacker could possibly\nexploit this flaw to disclose parts of the cache file header, or, if used\nin combination with third party modules, disclose potentially sensitive\nmemory by sending specially crafted HTTP requests. (CVE-2017-7529)\n\nRed Hat would like to thank the Nginx project for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-7529\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT\nRf+yBkpEe91OHNNto3rboqM=\n=rlDh\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7529"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "BID",
"id": "99534"
},
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"db": "PACKETSTORM",
"id": "143348"
},
{
"db": "PACKETSTORM",
"id": "143347"
},
{
"db": "PACKETSTORM",
"id": "143935"
},
{
"db": "PACKETSTORM",
"id": "164240"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-115732",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7529",
"trust": 3.3
},
{
"db": "BID",
"id": "99534",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039238",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164240",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3157",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1701",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143935",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143348",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143347",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-96273",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-115732",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-7529",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"db": "BID",
"id": "99534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "PACKETSTORM",
"id": "143348"
},
{
"db": "PACKETSTORM",
"id": "143347"
},
{
"db": "PACKETSTORM",
"id": "143935"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"id": "VAR-201707-1309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T20:24:47.981000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-7529",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"title": "Nginx range filter Fixes for module digital error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=71698"
},
{
"title": "Ubuntu Security Notice: nginx vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3352-1"
},
{
"title": "Debian Security Advisories: DSA-3908-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=704f48ff7bd09792912d23527ab54543"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2017-7529 Integer overflow in the range filter",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a0f173670cb05b0faed5127f8a0445b1"
},
{
"title": "Amazon Linux AMI: ALAS-2017-894",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-894"
},
{
"title": "Red Hat: CVE-2017-7529",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-7529"
},
{
"title": "Arch Linux Advisories: [ASA-201707-12] nginx-mainline: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201707-12"
},
{
"title": "Arch Linux Advisories: [ASA-201707-11] nginx: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201707-11"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-7529"
},
{
"title": "nginxpwner",
"trust": 0.1,
"url": "https://github.com/stark0de/nginxpwner "
},
{
"title": "cve-2017-7529",
"trust": 0.1,
"url": "https://github.com/cved-sources/cve-2017-7529 "
},
{
"title": "nginx-CVE-2017-7529",
"trust": 0.1,
"url": "https://github.com/cyberharsh/nginx-CVE-2017-7529 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2538"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99534"
},
{
"trust": 1.7,
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht212818"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/sep/36"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039238"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7529"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212818"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1701/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://nginx.org/#2017-07-11"
},
{
"trust": 0.3,
"url": "http://nginx.org/en/security_advisories.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3352-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-1ubuntu3.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7529"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212818."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "BID",
"id": "99534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "PACKETSTORM",
"id": "143348"
},
{
"db": "PACKETSTORM",
"id": "143347"
},
{
"db": "PACKETSTORM",
"id": "143935"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-115732"
},
{
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"db": "BID",
"id": "99534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"db": "PACKETSTORM",
"id": "143348"
},
{
"db": "PACKETSTORM",
"id": "143347"
},
{
"db": "PACKETSTORM",
"id": "143935"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-115732"
},
{
"date": "2017-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99534"
},
{
"date": "2017-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"date": "2017-07-14T02:16:01",
"db": "PACKETSTORM",
"id": "143348"
},
{
"date": "2017-07-14T02:15:51",
"db": "PACKETSTORM",
"id": "143347"
},
{
"date": "2017-08-28T21:24:00",
"db": "PACKETSTORM",
"id": "143935"
},
{
"date": "2021-09-22T16:28:58",
"db": "PACKETSTORM",
"id": "164240"
},
{
"date": "2017-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"date": "2017-07-13T13:29:00.220000",
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-115732"
},
{
"date": "2022-01-24T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7529"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99534"
},
{
"date": "2017-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006088"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-563"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7529"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "143347"
},
{
"db": "PACKETSTORM",
"id": "143935"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nginx of range filter Module integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006088"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-563"
}
],
"trust": 0.6
}
}
VAR-201404-0682
Vulnerability from variot - Updated: 2025-04-13 23:18The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. nginx SPDY Implementation 1.5.10 is vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0682",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "eq",
"trust": 1.4,
"vendor": "igor sysoev",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.5.10"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.5.11"
}
],
"sources": [
{
"db": "BID",
"id": "67507"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lucas Molas",
"sources": [
{
"db": "BID",
"id": "67507"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0088",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0088",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-67581",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0088",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0088",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-576",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-67581",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0088",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. \nAn attacker can exploit this issue to execute arbitrary code in the context of the affected application. \nnginx SPDY Implementation 1.5.10 is vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0088"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "BID",
"id": "67507"
},
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "VULMON",
"id": "CVE-2014-0088"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0088",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1030150",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576",
"trust": 0.7
},
{
"db": "BID",
"id": "67507",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-67581",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0088",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"db": "BID",
"id": "67507"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"id": "VAR-201404-0682",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67581"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:18:23.347000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2014-0088",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"
},
{
"title": "nginx-1.5.11",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=49670"
},
{
"title": "nginx-1.5.11",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=49669"
},
{
"title": "Red Hat: CVE-2014-0088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0088"
},
{
"title": "usn-search",
"trust": 0.1,
"url": "https://github.com/lukeber4/usn-search "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/aravindb26/new.txt "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1030150"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0088"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0088"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33959"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"db": "BID",
"id": "67507"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-67581"
},
{
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"db": "BID",
"id": "67507"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-67581"
},
{
"date": "2014-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"date": "2014-03-04T00:00:00",
"db": "BID",
"id": "67507"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"date": "2014-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"date": "2014-04-29T14:38:49.920000",
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-67581"
},
{
"date": "2021-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0088"
},
{
"date": "2014-03-04T00:00:00",
"db": "BID",
"id": "67507"
},
{
"date": "2014-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002327"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-576"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of ngx_http_spdy_module Module SPDY Vulnerabilities in arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002327"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-576"
}
],
"trust": 0.6
}
}
VAR-201412-0611
Vulnerability from variot - Updated: 2025-04-13 23:10nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy a third party with certain rights, Virtual Host Confusion An attack may be executed. nginx is prone to a session-fixation vulnerability. An attacker can exploit this issue to hijack an arbitrary session or gain access to the sensitive information. This may aid in further attacks. nginx 0.5.6 through 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy3.
For the testing distribution (jessie), this problem has been fixed in version 1.6.2-1.
For the unstable distribution (sid), this problem has been fixed in version 1.6.2-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJUHRscAAoJEAVMuPMTQ89EGuUP/iedSRE21l/sSyJRUxP5GIoC GjKzrIsbFFDHY9gKH0JUJbVc5ayeEciHLWY7cY119Rlim6/IPpd4T246y4QzPyYd W0tI7eAmmg2zOjCIafubvLHii+FYQ93xSn6Y09CEL9XiHmVxDHS/uDdCBcQKhKaI rXaVc+VAg+I396RcyE6houS1GTPoUmkhJkMKOu4HCutx6foXjT78wLFJEiFLAy9I vVPhZ1+En1PqaJgqry8FEwkreiNF+Lzjb1VLpQzvNzi21uRhz3sPDCy6Y2nkMEhV 4fdYZJKEJGHWC/cdZXCwu5T4lnAZWSB7QYa26yiaUraWO9SrqJw20HgN1YnuGTFf YbeG3qdhMjEYVsdyi0VARtw3yZXfy122/yE0vvaYv0HKFp4Nrzm/5NBysuO+Zcg2 zt422dH9O0bLasJp6lm3tcSzGkfME7Fz63X6/CNupzoFnXcVP+IQpEHYD53+S1mf 3CUPp8sFxauuWuCpMb7hbD8hzYzrPRxB6cRsdAoKxSqTUn+dPOZRFp84tRuW0U5c mBs7DfmfWnnscmTJ/gUbeES+Ac8Tfbrr1Rsz12vAs7onuXxHHH/NSihtsLGYQ17N xzgGSXfgAfnky2J5ZkTOTVE+LvKkoWQX3cq8a+t5JaZjGJZinDkU5CSTOyik80Nr dGeskBuPPhZC1qYrJkyI =XURr -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2351-1 September 22, 2014
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
nginx could be made to expose sensitive information over the network.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.1 nginx-extras 1.4.6-1ubuntu3.1 nginx-full 1.4.6-1ubuntu3.1 nginx-light 1.4.6-1ubuntu3.1 nginx-naxsi 1.4.6-1ubuntu3.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2351-1 CVE-2014-3616
Package Information: https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201502-06
http://security.gentoo.org/
Severity: Normal Title: nginx: Information disclosure Date: February 07, 2015 Bugs: #522994 ID: 201502-06
Synopsis
An SSL session fixation vulnerability in nginx may allow remote attackers to obtain sensitive information.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.7.6"
References
[ 1 ] CVE-2014-3616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3616
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616 http://advisories.mageia.org/MGASA-2014-0136.html http://advisories.mageia.org/MGASA-2014-0427.html
Updated Packages:
Mandriva Business Server 2/X86_64: f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0611",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.7.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.6"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.7.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.5.6 to 1.7.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.7.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.7.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.7.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.7.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.7.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.13"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.17"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.9"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.8"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.40"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.36"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.35"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.33"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.32"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.15"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.66"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.65"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.64"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.62"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.61"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.39"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.38"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.36"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.32"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.19"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.15"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "70025"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Antoine Delignat-Lavaud and Karthikeyan Bhargavan",
"sources": [
{
"db": "BID",
"id": "70025"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
}
],
"trust": 0.9
},
"cve": "CVE-2014-3616",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-3616",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-71556",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3616",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3616",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1268",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71556",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-3616",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \"virtual host confusion\" attacks. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy a third party with certain rights, Virtual Host Confusion An attack may be executed. nginx is prone to a session-fixation vulnerability. \nAn attacker can exploit this issue to hijack an arbitrary session or gain access to the sensitive information. This may aid in further attacks. \nnginx 0.5.6 through 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy3. \n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.6.2-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.2-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCgAGBQJUHRscAAoJEAVMuPMTQ89EGuUP/iedSRE21l/sSyJRUxP5GIoC\nGjKzrIsbFFDHY9gKH0JUJbVc5ayeEciHLWY7cY119Rlim6/IPpd4T246y4QzPyYd\nW0tI7eAmmg2zOjCIafubvLHii+FYQ93xSn6Y09CEL9XiHmVxDHS/uDdCBcQKhKaI\nrXaVc+VAg+I396RcyE6houS1GTPoUmkhJkMKOu4HCutx6foXjT78wLFJEiFLAy9I\nvVPhZ1+En1PqaJgqry8FEwkreiNF+Lzjb1VLpQzvNzi21uRhz3sPDCy6Y2nkMEhV\n4fdYZJKEJGHWC/cdZXCwu5T4lnAZWSB7QYa26yiaUraWO9SrqJw20HgN1YnuGTFf\nYbeG3qdhMjEYVsdyi0VARtw3yZXfy122/yE0vvaYv0HKFp4Nrzm/5NBysuO+Zcg2\nzt422dH9O0bLasJp6lm3tcSzGkfME7Fz63X6/CNupzoFnXcVP+IQpEHYD53+S1mf\n3CUPp8sFxauuWuCpMb7hbD8hzYzrPRxB6cRsdAoKxSqTUn+dPOZRFp84tRuW0U5c\nmBs7DfmfWnnscmTJ/gUbeES+Ac8Tfbrr1Rsz12vAs7onuXxHHH/NSihtsLGYQ17N\nxzgGSXfgAfnky2J5ZkTOTVE+LvKkoWQX3cq8a+t5JaZjGJZinDkU5CSTOyik80Nr\ndGeskBuPPhZC1qYrJkyI\n=XURr\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2351-1\nSeptember 22, 2014\n\nnginx vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to expose sensitive information over the network. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.1\n nginx-extras 1.4.6-1ubuntu3.1\n nginx-full 1.4.6-1ubuntu3.1\n nginx-light 1.4.6-1ubuntu3.1\n nginx-naxsi 1.4.6-1ubuntu3.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2351-1\n CVE-2014-3616\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201502-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Information disclosure\n Date: February 07, 2015\n Bugs: #522994\n ID: 201502-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nAn SSL session fixation vulnerability in nginx may allow remote\nattackers to obtain sensitive information. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.7.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-3616\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3616\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201502-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616\n http://advisories.mageia.org/MGASA-2014-0136.html\n http://advisories.mageia.org/MGASA-2014-0427.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm \n 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "BID",
"id": "70025"
},
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "PACKETSTORM",
"id": "128332"
},
{
"db": "PACKETSTORM",
"id": "128328"
},
{
"db": "PACKETSTORM",
"id": "130278"
},
{
"db": "PACKETSTORM",
"id": "131099"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71556",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3616",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268",
"trust": 0.7
},
{
"db": "BID",
"id": "70025",
"trust": 0.5
},
{
"db": "PACKETSTORM",
"id": "128332",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130278",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128328",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-89321",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-71556",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-3616",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131099",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "BID",
"id": "70025"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "PACKETSTORM",
"id": "128332"
},
{
"db": "PACKETSTORM",
"id": "128328"
},
{
"db": "PACKETSTORM",
"id": "130278"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"id": "VAR-201412-0611",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:10:04.651000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3029",
"trust": 0.8,
"url": "http://www.debian.org/security/2014/dsa-3029"
},
{
"title": "CVE-2014-3616",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"
},
{
"title": "nginx-1.7.5",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=55253"
},
{
"title": "nginx-1.7.5",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=55252"
},
{
"title": "Ubuntu Security Notice: nginx vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2351-1"
},
{
"title": "Debian Security Advisories: DSA-3029-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3dd41a089230b0ac4671d1b4ec4d3881"
},
{
"title": "Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=703629f55868e4fc7623e469fe23486b"
},
{
"title": "Amazon Linux AMI: ALAS-2014-421",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-421"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-613",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.debian.org/security/2014/dsa-3029"
},
{
"trust": 1.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3616"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3616"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3616"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/613.html"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2351-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/70025"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2351-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201502-06.xml"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3616"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0136.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0133"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0427.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0133"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "BID",
"id": "70025"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "PACKETSTORM",
"id": "128332"
},
{
"db": "PACKETSTORM",
"id": "128328"
},
{
"db": "PACKETSTORM",
"id": "130278"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71556"
},
{
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"db": "BID",
"id": "70025"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"db": "PACKETSTORM",
"id": "128332"
},
{
"db": "PACKETSTORM",
"id": "128328"
},
{
"db": "PACKETSTORM",
"id": "130278"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-71556"
},
{
"date": "2014-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"date": "2014-08-06T00:00:00",
"db": "BID",
"id": "70025"
},
{
"date": "2014-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"date": "2014-09-22T20:19:12",
"db": "PACKETSTORM",
"id": "128332"
},
{
"date": "2014-09-22T20:18:28",
"db": "PACKETSTORM",
"id": "128328"
},
{
"date": "2015-02-09T17:00:47",
"db": "PACKETSTORM",
"id": "130278"
},
{
"date": "2015-03-30T21:26:01",
"db": "PACKETSTORM",
"id": "131099"
},
{
"date": "2014-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"date": "2014-12-08T11:59:03.390000",
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-71556"
},
{
"date": "2020-11-16T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3616"
},
{
"date": "2015-04-13T21:39:00",
"db": "BID",
"id": "70025"
},
{
"date": "2014-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005829"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1268"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3616"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "130278"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx In Virtual Host Confusion Attacked vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005829"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1268"
}
],
"trust": 0.6
}
}
VAR-201403-0548
Vulnerability from variot - Updated: 2025-04-13 23:10Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. nginx is prone to a heap-based buffer-overflow vulnerability. Successful exploitation of this issue allow an attacker to execute arbitrary code in the context of the application, failed exploit attempts may lead to denial-of-service. nginx 1.3.15 through 1.4.7 and 1.5.0 through 1.5.12 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-20
http://security.gentoo.org/
Severity: Normal Title: nginx: Arbitrary code execution Date: June 22, 2014 Bugs: #505018 ID: 201406-20
Synopsis
A vulnerability has been found in nginx which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server. The SPDY implementation is not enabled in default configurations.
Workaround
Disable the spdy module in NGINX_MODULES_HTTP.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.7"
References
[ 1 ] CVE-2014-0133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-20.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position (CVE-2014-3616).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616 http://advisories.mageia.org/MGASA-2014-0136.html http://advisories.mageia.org/MGASA-2014-0427.html
Updated Packages:
Mandriva Business Server 2/X86_64: f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFnUlmqjQ0CJFipgRAvneAJ0evtNmMhS+lWltq9051wHRR6vuDgCg3BW0 x8jC+tKifZWs8shTG2EYzgo= =oIRY -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0548",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "opensuse",
"scope": "eq",
"trust": 1.4,
"vendor": "novell",
"version": "13.1"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.4.7"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.15"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.4.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.5.x"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.4.2"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "66537"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:novell:opensuse",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lucas Molas",
"sources": [
{
"db": "BID",
"id": "66537"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0133",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0133",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0133",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-67626",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0133",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0133",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-536",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-67626",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. nginx is prone to a heap-based buffer-overflow vulnerability. \nSuccessful exploitation of this issue allow an attacker to execute arbitrary code in the context of the application, failed exploit attempts may lead to denial-of-service. \nnginx 1.3.15 through 1.4.7 and 1.5.0 through 1.5.12 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201406-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Arbitrary code execution\n Date: June 22, 2014\n Bugs: #505018\n ID: 201406-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been found in nginx which may allow execution of\narbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. The SPDY implementation is not enabled in default\nconfigurations. \n\nWorkaround\n==========\n\nDisable the spdy module in NGINX_MODULES_HTTP. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0133\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-20.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\n it was possible to reuse cached SSL sessions in unrelated contexts,\n allowing virtual host confusion attacks in some configurations by an\n attacker in a privileged network position (CVE-2014-3616). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616\n http://advisories.mageia.org/MGASA-2014-0136.html\n http://advisories.mageia.org/MGASA-2014-0427.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm \n 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFnUlmqjQ0CJFipgRAvneAJ0evtNmMhS+lWltq9051wHRR6vuDgCg3BW0\nx8jC+tKifZWs8shTG2EYzgo=\n=oIRY\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0133"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "BID",
"id": "66537"
},
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "PACKETSTORM",
"id": "127175"
},
{
"db": "PACKETSTORM",
"id": "131099"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0133",
"trust": 3.0
},
{
"db": "BID",
"id": "66537",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "127175",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "131099",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-67626",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "BID",
"id": "66537"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "PACKETSTORM",
"id": "127175"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"id": "VAR-201403-0548",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67626"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:10:04.611000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openSUSE-SU-2014:0450",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
},
{
"title": "CVE-2014-0133",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
},
{
"title": "nginx-1.4.7-3.9.1.x86_64",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48927"
},
{
"title": "nginx-1.4.7-3.9.1.src",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48926"
},
{
"title": "nginx-1.5.12",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48924"
},
{
"title": "nginx-1.4.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48923"
},
{
"title": "nginx-1.4.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48922"
},
{
"title": "nginx-1.5.12",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48925"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/66537"
},
{
"trust": 1.7,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0133"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0133"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0133"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201406-20.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0133"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0136.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3616"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0427.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3616"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "BID",
"id": "66537"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "PACKETSTORM",
"id": "127175"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-67626"
},
{
"db": "BID",
"id": "66537"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"db": "PACKETSTORM",
"id": "127175"
},
{
"db": "PACKETSTORM",
"id": "131099"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-67626"
},
{
"date": "2014-03-18T00:00:00",
"db": "BID",
"id": "66537"
},
{
"date": "2014-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"date": "2014-06-24T00:56:14",
"db": "PACKETSTORM",
"id": "127175"
},
{
"date": "2015-03-30T21:26:01",
"db": "PACKETSTORM",
"id": "131099"
},
{
"date": "2014-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"date": "2014-03-28T15:55:08.607000",
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-67626"
},
{
"date": "2014-06-23T06:45:00",
"db": "BID",
"id": "66537"
},
{
"date": "2014-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001833"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-536"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0133"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of SPDY Implementation of heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001833"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-536"
}
],
"trust": 0.6
}
}
VAR-201606-0476
Vulnerability from variot - Updated: 2025-04-13 21:51os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. nginx 1.3.9 through 1.11.0 are vulnerable. A security vulnerability exists in the os/unix/ngx_files.c file of nginx versions prior to 1.10.1 and versions 1.11.x prior to 1.11.1. ========================================================================== Ubuntu Security Notice USN-2991-1 June 02, 2016
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
nginx could be made to crash if it received specially crafted network traffic.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: nginx-core 1.10.0-0ubuntu0.16.04.2 nginx-extras 1.10.0-0ubuntu0.16.04.2 nginx-full 1.10.0-0ubuntu0.16.04.2 nginx-light 1.10.0-0ubuntu0.16.04.2
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.2 nginx-extras 1.9.3-1ubuntu1.2 nginx-full 1.9.3-1ubuntu1.2 nginx-light 1.9.3-1ubuntu1.2
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.5 nginx-extras 1.4.6-1ubuntu3.5 nginx-full 1.4.6-1ubuntu3.5 nginx-light 1.4.6-1ubuntu3.5
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1). (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
For the stable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u2.
For the unstable distribution (sid), this problem has been fixed in version 1.10.1-1.
We recommend that you upgrade your nginx packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0476",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.10.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.11.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.11.1"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "16.04 lts"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "of 1.11.x"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.9.1"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.9"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.8.1"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.7.5"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.7.3"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.0.1"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.9.2"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.11.1"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.10.1"
},
{
"model": "aspera shares",
"scope": "ne",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.9.6"
},
{
"model": "aspera shares",
"scope": "ne",
"trust": 0.3,
"vendor": "asperasoft",
"version": "1.9.4"
}
],
"sources": [
{
"db": "BID",
"id": "90967"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "90967"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4450",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4450",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-93269",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4450",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-4450",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4450",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4450",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-010",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-93269",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. \nnginx 1.3.9 through 1.11.0 are vulnerable. A security vulnerability exists in the os/unix/ngx_files.c file of nginx versions prior to 1.10.1 and versions 1.11.x prior to 1.11.1. ==========================================================================\nUbuntu Security Notice USN-2991-1\nJune 02, 2016\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to crash if it received specially crafted network\ntraffic. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n nginx-core 1.10.0-0ubuntu0.16.04.2\n nginx-extras 1.10.0-0ubuntu0.16.04.2\n nginx-full 1.10.0-0ubuntu0.16.04.2\n nginx-light 1.10.0-0ubuntu0.16.04.2\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.2\n nginx-extras 1.9.3-1ubuntu1.2\n nginx-full 1.9.3-1ubuntu1.2\n nginx-light 1.9.3-1ubuntu1.2\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.5\n nginx-extras 1.4.6-1ubuntu3.5\n nginx-full 1.4.6-1ubuntu3.5\n nginx-light 1.4.6-1ubuntu3.5\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. An\nattacker able to manipulate DNS responses received by nginx could use this\nflaw to cause a worker process to crash if nginx enabled the resolver in\nits configuration. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. An attacker able to manipulate DNS responses received by nginx\ncould use this flaw to cause a worker process to crash or, possibly,\nexecute arbitrary code if nginx enabled the resolver in its configuration. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. An attacker able to manipulate DNS responses received by nginx\ncould use this flaw to cause a worker process to use an excessive amount of\nresources if nginx enabled the resolver in its configuration. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.6.2-5+deb8u2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1-1. \n\nWe recommend that you upgrade your nginx packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "BID",
"id": "90967"
},
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "PACKETSTORM",
"id": "137296"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "137286"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4450",
"trust": 3.2
},
{
"db": "BID",
"id": "90967",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1036019",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1717",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "137286",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "137296",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-93269",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137908",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137518",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "BID",
"id": "90967"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "PACKETSTORM",
"id": "137296"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "137286"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"id": "VAR-201606-0476",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93269"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T21:51:37.925000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3592",
"trust": 0.8,
"url": "http://www.debian.org/security/2016/dsa-3592"
},
{
"title": "USN-2991-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-2991-1/"
},
{
"title": "CVE-2016-4450",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"
},
{
"title": "nginx Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=62036"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201606-06"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2016:1425"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2991-1"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/90967"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2016/dsa-3592"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1036019"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4450"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4450"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1717/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341462"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "BID",
"id": "90967"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "PACKETSTORM",
"id": "137296"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "137286"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93269"
},
{
"db": "BID",
"id": "90967"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"db": "PACKETSTORM",
"id": "137296"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "137286"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-93269"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90967"
},
{
"date": "2016-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"date": "2016-06-02T16:24:00",
"db": "PACKETSTORM",
"id": "137296"
},
{
"date": "2016-07-14T20:08:00",
"db": "PACKETSTORM",
"id": "137908"
},
{
"date": "2016-06-17T23:50:23",
"db": "PACKETSTORM",
"id": "137518"
},
{
"date": "2016-06-01T23:31:23",
"db": "PACKETSTORM",
"id": "137286"
},
{
"date": "2016-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"date": "2016-06-07T14:06:14.200000",
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93269"
},
{
"date": "2016-10-26T00:19:00",
"db": "BID",
"id": "90967"
},
{
"date": "2016-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003032"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-010"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4450"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137296"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of os/unix/ngx_files.c Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003032"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-010"
}
],
"trust": 0.6
}
}
VAR-201602-0392
Vulnerability from variot - Updated: 2025-04-13 20:55Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There is a use-after-free vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
-
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver 1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver 1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver 1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2892-1 February 09, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.1 nginx-extras 1.9.3-1ubuntu1.1 nginx-full 1.9.3-1ubuntu1.1 nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.4 nginx-extras 1.4.6-1ubuntu3.4 nginx-full 1.4.6-1ubuntu3.4 nginx-light 1.4.6-1ubuntu3.4 nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0392",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.8.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.9,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.x"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "42.1"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.9.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.0"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
}
],
"sources": [
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:novell:leap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "82230"
}
],
"trust": 0.3
},
"cve": "CVE-2016-0746",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-0746",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-88256",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-0746",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0746",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-0746",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-058",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-88256",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-0746",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. There is a use-after-free vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if\nthe \"resolver\" directive is used in a configuration file. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1. \n\nWe recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). \n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible\nfor saving client request body to a temporary file. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver\n1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver\n1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver\n1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2892-1\nFebruary 09, 2016\n\nnginx vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n(CVE-2016-0747)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.1\n nginx-extras 1.9.3-1ubuntu1.1\n nginx-full 1.9.3-1ubuntu1.1\n nginx-light 1.9.3-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.4\n nginx-extras 1.4.6-1ubuntu3.4\n nginx-full 1.4.6-1ubuntu3.4\n nginx-light 1.4.6-1ubuntu3.4\n nginx-naxsi 1.4.6-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0746",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034869",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164240",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3157",
"trust": 0.6
},
{
"db": "BID",
"id": "82230",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-88256",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0746",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135738",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137908",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137518",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135684",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"id": "VAR-201602-0392",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88256"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T20:55:52.734000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3473",
"trust": 0.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"title": "openSUSE-SU-2016:0371",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"title": "Bug 1302588",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588"
},
{
"title": "USN-2892-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-2892-1/"
},
{
"title": "CVE-2016-0742, CVE-2016-0746, CVE-2016-0747",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
},
{
"title": "nginx resolver Remediation measures for reusing vulnerabilities after release",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60055"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2892-1"
},
{
"title": "Red Hat: CVE-2016-0746",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0746"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7"
},
{
"title": "Amazon Linux AMI: ALAS-2016-655",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-655"
},
{
"title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201606-06"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2016:1425"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2892-1"
},
{
"trust": 1.8,
"url": "https://bto.bluecoat.com/security-advisory/sa115"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212818"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2021/sep/36"
},
{
"trust": 1.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034869"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0746"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0746"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212818"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237"
},
{
"trust": 0.3,
"url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2892-1/"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/82230"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212818."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88256"
},
{
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-88256"
},
{
"date": "2016-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"date": "2016-01-29T00:00:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"date": "2016-02-12T19:22:00",
"db": "PACKETSTORM",
"id": "135738"
},
{
"date": "2016-07-14T20:08:00",
"db": "PACKETSTORM",
"id": "137908"
},
{
"date": "2016-06-17T23:50:23",
"db": "PACKETSTORM",
"id": "137518"
},
{
"date": "2016-02-10T03:55:35",
"db": "PACKETSTORM",
"id": "135684"
},
{
"date": "2021-09-22T16:28:58",
"db": "PACKETSTORM",
"id": "164240"
},
{
"date": "2016-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"date": "2016-02-15T19:59:01.157000",
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88256"
},
{
"date": "2021-09-22T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0746"
},
{
"date": "2016-10-26T00:01:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001744"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-058"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0746"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001744"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-058"
}
],
"trust": 0.6
}
}
VAR-201412-0610
Vulnerability from variot - Updated: 2025-04-13 19:56The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. This vulnerability CVE-2011-0411 It is a similar problem. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. nginx is prone to a remote command-injection vulnerability. Attackers can exploit this issue to inject commands into SSL sessions and disclose sensitive information. Versions prior to nginx 1.6.1 and 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability stems from the fact that the program does not properly limit I/O buffering. The following versions are affected: nginx version 1.5.x, version 1.6.0, version 1.6.1, version 1.7.0 to version 1.7.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04533567
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04533567 Version: 1
HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-01-10 Last Updated: 2015-01-10
Potential Security Impact: Remote disclosure of information, Denial of Service (DoS) and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP SSL for OpenVMS. These vulnerabilities could be remotely exploited to create a remote disclosure of information, Denial of Service, and other vulnerabilities.
References:
CVE-2014-3556 - cryptographic issues (CWE-310) CVE-2014-3567 - remote Denial of Service (DoS) (CWE-20, CWE-399) CVE-2014-3568 - cryptographic issues (CWE-310) SSRT101779
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS - All versions prior to Version 1.4-495
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP SSL Version 1.4-495 for OpenVMS is based on Open Source OpenSSL version 0.9.8zc and includes the latest security updates from OpenSSL.org.
HP has made the following patch kit available to resolve the vulnerabilities.
The HP SSL Version 1.4-495 for OpenVMS is available from the following locations:
OpenVMS HP SSL website: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
The HP SSL Version 1.4-495 for OpenVMS kits for both Integrity and Alpha platforms have been uploaded to HP Support Center website. Customers can access the kits from Patch Management page.
Go to https://h20566.www2.hp.com/portal/site/hpsc/patch/home/
Login using your HP Passport account
Search for the Patch Kit Name from the table below
HP SSL Version OpenVMS Platform Patch Kit Name
V1.4-495 Alpha
OpenVMS V8.3, V8.4 HP-AXPVMS-SSL-V0104
V1.4-495 ITANIUM
OpenVMS V8.3, V8.3-1H1, V8.4 HP-I64VMS-SSL-V0104
HISTORY Version:1 (rev.1) - 10 December 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlSwdq4ACgkQ4B86/C0qfVmlZgCg825/1F8UumLLhYt0pKaqeN5n Fj0AoJvSKKRxuu+/ayOhqr97QoDWGTSX =ZBgU -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0610",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.7.4"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.7.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.7.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.5.x"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.7.x"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.6.x"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.5.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Boulton",
"sources": [
{
"db": "BID",
"id": "69111"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3556",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-3556",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-3556",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-71496",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3556",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3556",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-095",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-71496",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411. This vulnerability CVE-2011-0411 It is a similar problem. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. nginx is prone to a remote command-injection vulnerability. \nAttackers can exploit this issue to inject commands into SSL sessions and disclose sensitive information. \nVersions prior to nginx 1.6.1 and 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability stems from the fact that the program does not properly limit I/O buffering. The following versions are affected: nginx version 1.5.x, version 1.6.0, version 1.6.1, version 1.7.0 to version 1.7.3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04533567\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04533567\nVersion: 1\n\nHPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information,\nDenial of Service (DoS) and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-01-10\nLast Updated: 2015-01-10\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote disclosure of information, Denial of\nService (DoS) and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP SSL for\nOpenVMS. These vulnerabilities could be remotely exploited to create a remote\ndisclosure of information, Denial of Service, and other vulnerabilities. \n\nReferences:\n\nCVE-2014-3556 - cryptographic issues (CWE-310)\nCVE-2014-3567 - remote Denial of Service (DoS) (CWE-20, CWE-399)\nCVE-2014-3568 - cryptographic issues (CWE-310)\nSSRT101779\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS - All versions prior to Version 1.4-495\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP SSL Version 1.4-495 for OpenVMS is based on Open Source OpenSSL version\n0.9.8zc and includes the latest security updates from OpenSSL.org. \n\nHP has made the following patch kit available to resolve the vulnerabilities. \n\nThe HP SSL Version 1.4-495 for OpenVMS is available from the following\nlocations:\n\nOpenVMS HP SSL website:\nhttp://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nThe HP SSL Version 1.4-495 for OpenVMS kits for both Integrity and Alpha\nplatforms have been uploaded to HP Support Center website. Customers can\naccess the kits from Patch Management page. \n\nGo to https://h20566.www2.hp.com/portal/site/hpsc/patch/home/\n\nLogin using your HP Passport account\n\nSearch for the Patch Kit Name from the table below\n\nHP SSL Version OpenVMS\n Platform\n Patch Kit Name\n\nV1.4-495\n Alpha\n\nOpenVMS V8.3, V8.4\n HP-AXPVMS-SSL-V0104\n\nV1.4-495\n ITANIUM\n\nOpenVMS V8.3, V8.3-1H1, V8.4\n HP-I64VMS-SSL-V0104\n\nHISTORY\nVersion:1 (rev.1) - 10 December 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlSwdq4ACgkQ4B86/C0qfVmlZgCg825/1F8UumLLhYt0pKaqeN5n\nFj0AoJvSKKRxuu+/ayOhqr97QoDWGTSX\n=ZBgU\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3556"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "BID",
"id": "69111"
},
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "PACKETSTORM",
"id": "129877"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71496",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3556",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095",
"trust": 0.7
},
{
"db": "BID",
"id": "69111",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "129877",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-71496",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "BID",
"id": "69111"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "PACKETSTORM",
"id": "129877"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"id": "VAR-201412-0610",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T19:56:37.390000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBOV03227",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"title": "http://nginx.org/download/patch.2014.starttls.txt",
"trust": 0.8,
"url": "http://nginx.org/download/patch.2014.starttls.txt"
},
{
"title": "Bug 1126891",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891"
},
{
"title": "CVE-2014-3556",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"
},
{
"title": "nginx-1.6.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=53046"
},
{
"title": "nginx-1.7.4",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=53049"
},
{
"title": "nginx-1.7.4",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=53048"
},
{
"title": "nginx-1.6.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=53047"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://nginx.org/download/patch.2014.starttls.txt"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891"
},
{
"trust": 1.7,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3556"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3556"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142103967620673\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home/"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3556"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "BID",
"id": "69111"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "PACKETSTORM",
"id": "129877"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71496"
},
{
"db": "BID",
"id": "69111"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"db": "PACKETSTORM",
"id": "129877"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-71496"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69111"
},
{
"date": "2015-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"date": "2015-01-12T17:14:20",
"db": "PACKETSTORM",
"id": "129877"
},
{
"date": "2014-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"date": "2014-12-29T20:59:03.943000",
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-71496"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69111"
},
{
"date": "2015-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007439"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-095"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3556"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "129877"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of SMTP proxy of mail/ngx_mail_smtp_handler.c of STARTTLS Encrypted in implementation SMTP Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007439"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-095"
}
],
"trust": 0.6
}
}
VAR-201602-0393
Vulnerability from variot - Updated: 2025-04-13 19:41The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There are security vulnerabilities in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
-
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2892-1 February 09, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.1 nginx-extras 1.9.3-1ubuntu1.1 nginx-full 1.9.3-1ubuntu1.1 nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.4 nginx-extras 1.4.6-1ubuntu3.4 nginx-full 1.4.6-1ubuntu3.4 nginx-light 1.4.6-1ubuntu3.4 nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0393",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "8.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.4,
"vendor": "novell",
"version": "42.1"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.8.1"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.x"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "1.2"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.0"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
}
],
"sources": [
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:novell:leap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "82230"
}
],
"trust": 0.3
},
"cve": "CVE-2016-0742",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-0742",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-88252",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-0742",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0742",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0742",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-057",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88252",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-0742",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. There are security vulnerabilities in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. These only affect nginx if\nthe \"resolver\" directive is used in a configuration file. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1. \n\nWe recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). \n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible\nfor saving client request body to a temporary file. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2892-1\nFebruary 09, 2016\n\nnginx vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n(CVE-2016-0747)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.1\n nginx-extras 1.9.3-1ubuntu1.1\n nginx-full 1.9.3-1ubuntu1.1\n nginx-light 1.9.3-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.4\n nginx-extras 1.4.6-1ubuntu3.4\n nginx-full 1.4.6-1ubuntu3.4\n nginx-light 1.4.6-1ubuntu3.4\n nginx-naxsi 1.4.6-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0742",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034869",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164240",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3157",
"trust": 0.6
},
{
"db": "BID",
"id": "82230",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "137908",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135684",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "137518",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135738",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-88252",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0742",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"id": "VAR-201602-0393",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88252"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T19:41:48.713000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3473",
"trust": 0.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"title": "openSUSE-SU-2016:0371",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"title": "Bug 1302587",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587"
},
{
"title": "USN-2892-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-2892-1/"
},
{
"title": "nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
},
{
"title": "nginx resolver Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60054"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2892-1"
},
{
"title": "Red Hat: CVE-2016-0742",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0742"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7"
},
{
"title": "Amazon Linux AMI: ALAS-2016-655",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-655"
},
{
"title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201606-06"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2016:1425"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2892-1"
},
{
"trust": 1.8,
"url": "https://bto.bluecoat.com/security-advisory/sa115"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212818"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2021/sep/36"
},
{
"trust": 1.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034869"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0742"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0742"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212818"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237"
},
{
"trust": 0.3,
"url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2892-1/"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/82230"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212818."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88252"
},
{
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-88252"
},
{
"date": "2016-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"date": "2016-01-29T00:00:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"date": "2016-02-12T19:22:00",
"db": "PACKETSTORM",
"id": "135738"
},
{
"date": "2016-07-14T20:08:00",
"db": "PACKETSTORM",
"id": "137908"
},
{
"date": "2016-06-17T23:50:23",
"db": "PACKETSTORM",
"id": "137518"
},
{
"date": "2016-02-10T03:55:35",
"db": "PACKETSTORM",
"id": "135684"
},
{
"date": "2021-09-22T16:28:58",
"db": "PACKETSTORM",
"id": "164240"
},
{
"date": "2016-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"date": "2016-02-15T19:59:00.107000",
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88252"
},
{
"date": "2021-09-22T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0742"
},
{
"date": "2016-10-26T00:01:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001524"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-057"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001524"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-057"
}
],
"trust": 0.6
}
}
VAR-201602-0391
Vulnerability from variot - Updated: 2025-04-13 19:38The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There is a security vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. The vulnerability stems from the fact that the program does not limit CNAME resolution. These only affect nginx if the "resolver" directive is used in a configuration file.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.
For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.
We recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-nginx18-nginx security update Advisory ID: RHSA-2016:1425-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1425 Issue date: 2016-07-14 CVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450 =====================================================================
- Summary:
An update for rh-nginx18-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).
Security Fix(es):
-
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash. (CVE-2016-4450)
-
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)
-
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)
-
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx18-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver 1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver 1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver 1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx18-nginx-1.8.1-1.el6.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx18-nginx-1.8.1-1.el7.src.rpm
x86_64: rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0742 https://access.redhat.com/security/cve/CVE-2016-0746 https://access.redhat.com/security/cve/CVE-2016-0747 https://access.redhat.com/security/cve/CVE-2016-4450 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp ZhbDRXs2sdXbnakZ6oJi/K8= =7RBd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06
https://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.10.1 >= 1.10.1
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"
References
[ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2892-1 February 09, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx. (CVE-2016-0747)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.1 nginx-extras 1.9.3-1ubuntu1.1 nginx-full 1.9.3-1ubuntu1.1 nginx-light 1.9.3-1ubuntu1.1
Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.4 nginx-extras 1.4.6-1ubuntu3.4 nginx-full 1.4.6-1ubuntu3.4 nginx-light 1.4.6-1ubuntu3.4 nginx-naxsi 1.4.6-1ubuntu3.4
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "8.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.4,
"vendor": "novell",
"version": "42.1"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.8.1"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.9.x"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "8.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.6.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.5.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "nginx",
"version": "1.1.0"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.9.10"
},
{
"model": "nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "nginx",
"version": "1.8.1"
}
],
"sources": [
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:novell:leap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "82230"
}
],
"trust": 0.3
},
"cve": "CVE-2016-0747",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-0747",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-88257",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-0747",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0747",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-0747",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-059",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-88257",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-0747",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. There is a security vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10. The vulnerability stems from the fact that the program does not limit CNAME resolution. These only affect nginx if\nthe \"resolver\" directive is used in a configuration file. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1. \n\nWe recommend that you upgrade your nginx packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-nginx18-nginx security update\nAdvisory ID: RHSA-2016:1425-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1425\nIssue date: 2016-07-14\nCVE Names: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 \n CVE-2016-4450 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx18-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web and proxy server with a focus on high concurrency,\nperformance, and low memory usage. \n\nThe following packages have been upgraded to a newer upstream version:\nrh-nginx18-nginx (1.8.1). \n\nSecurity Fix(es):\n\n* A NULL pointer dereference flaw was found in the nginx code responsible\nfor saving client request body to a temporary file. A remote attacker could\nsend a specially crafted request that would cause nginx worker process to\ncrash. (CVE-2016-4450)\n\n* It was discovered that nginx could perform an out of bound read and\ndereference an invalid pointer when resolving CNAME DNS records. An\nattacker able to manipulate DNS responses received by nginx could use this\nflaw to cause a worker process to crash if nginx enabled the resolver in\nits configuration. (CVE-2016-0742)\n\n* A use-after-free flaw was found in the way nginx resolved certain CNAME\nDNS records. \n(CVE-2016-0746)\n\n* It was discovered that nginx did not limit recursion when resolving CNAME\nDNS records. \n(CVE-2016-0747)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx18-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver\n1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver\n1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver\n1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el6.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx18-nginx-1.8.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm\nrh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0742\nhttps://access.redhat.com/security/cve/CVE-2016-0746\nhttps://access.redhat.com/security/cve/CVE-2016-0747\nhttps://access.redhat.com/security/cve/CVE-2016-4450\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXhy2gXlSAg2UNWIIRAjOgAJ9QjuFMrvK50IeJq8Ky7VkefuMBUwCeM+Cp\nZhbDRXs2sdXbnakZ6oJi/K8=\n=7RBd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: June 17, 2016\n Bugs: #560854, #573046, #584744\n ID: 201606-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow a remote attacker to cause a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.10.1 \u003e= 1.10.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.10.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587\n[ 2 ] CVE-2016-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742\n[ 3 ] CVE-2016-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746\n[ 4 ] CVE-2016-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747\n[ 5 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n[ 6 ] CVE-2016-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2892-1\nFebruary 09, 2016\n\nnginx vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n(CVE-2016-0747)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n nginx-core 1.9.3-1ubuntu1.1\n nginx-extras 1.9.3-1ubuntu1.1\n nginx-full 1.9.3-1ubuntu1.1\n nginx-light 1.9.3-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n nginx-core 1.4.6-1ubuntu3.4\n nginx-extras 1.4.6-1ubuntu3.4\n nginx-full 1.4.6-1ubuntu3.4\n nginx-light 1.4.6-1ubuntu3.4\n nginx-naxsi 1.4.6-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0747"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0747",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034869",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164240",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3157",
"trust": 0.6
},
{
"db": "BID",
"id": "82230",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-88257",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-0747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135738",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137908",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137518",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135684",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"id": "VAR-201602-0391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88257"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T19:38:16.096000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3473",
"trust": 0.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"title": "openSUSE-SU-2016:0371",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"title": "Bug 1302589",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
},
{
"title": "USN-2892-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-2892-1/"
},
{
"title": "CVE-2016-0742, CVE-2016-0746, CVE-2016-0747",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"
},
{
"title": "nginx resolver Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60056"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2892-1"
},
{
"title": "Red Hat: CVE-2016-0747",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-0747"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=10ec4e6c24845a17d787b01f883e17a7"
},
{
"title": "Amazon Linux AMI: ALAS-2016-655",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-655"
},
{
"title": "Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4df1d4c41a5a305df81d1cff15b6d5a3"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201606-06"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2016:1425"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2892-1"
},
{
"trust": 1.8,
"url": "https://bto.bluecoat.com/security-advisory/sa115"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212818"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2016/dsa-3473"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2021/sep/36"
},
{
"trust": 1.8,
"url": "http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034869"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0747"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0747"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212818"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3157"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237"
},
{
"trust": 0.3,
"url": "https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2892-1/"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/82230"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0747"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0746"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212818."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-88257"
},
{
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"db": "BID",
"id": "82230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"db": "PACKETSTORM",
"id": "135738"
},
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "PACKETSTORM",
"id": "164240"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-88257"
},
{
"date": "2016-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"date": "2016-01-29T00:00:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"date": "2016-02-12T19:22:00",
"db": "PACKETSTORM",
"id": "135738"
},
{
"date": "2016-07-14T20:08:00",
"db": "PACKETSTORM",
"id": "137908"
},
{
"date": "2016-06-17T23:50:23",
"db": "PACKETSTORM",
"id": "137518"
},
{
"date": "2016-02-10T03:55:35",
"db": "PACKETSTORM",
"id": "135684"
},
{
"date": "2021-09-22T16:28:58",
"db": "PACKETSTORM",
"id": "164240"
},
{
"date": "2016-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"date": "2016-02-15T19:59:02.123000",
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88257"
},
{
"date": "2021-09-22T00:00:00",
"db": "VULMON",
"id": "CVE-2016-0747"
},
{
"date": "2016-10-26T00:01:00",
"db": "BID",
"id": "82230"
},
{
"date": "2016-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001780"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-059"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0747"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137908"
},
{
"db": "PACKETSTORM",
"id": "137518"
},
{
"db": "PACKETSTORM",
"id": "135684"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Service disruption in other resolvers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001780"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-059"
}
],
"trust": 0.6
}
}
VAR-201204-0227
Vulnerability from variot - Updated: 2025-04-11 23:16Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. nginx is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. nginx versions 1.1.3 through 1.1.18 and 1.0.7 through 1.0.14 are vulnerable; other versions may also be affected. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. Failure to do so will result in a denial of service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-07
http://security.gentoo.org/
Severity: Normal Title: nginx: User-assisted execution of arbitrary code Date: June 21, 2012 Bugs: #411751 ID: 201206-07
Synopsis
A buffer overflow vulnerability in nginx could result in the execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.15 >= 1.0.15
Description
An error in ngx_http_mp4_module.c could cause a buffer overflow.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.15"
References
[ 1 ] CVE-2012-2089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2089
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-07.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201204-0227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "15"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "17"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.0.7 to 1.0.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.1.3 to 1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.17"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.9"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.8"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.19"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.15"
}
],
"sources": [
{
"db": "BID",
"id": "52999"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002087"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-276"
},
{
"db": "NVD",
"id": "CVE-2012-2089"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002087"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthew Daley",
"sources": [
{
"db": "BID",
"id": "52999"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-276"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2089",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2012-2089",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-2089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-55370",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-2089",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-2089",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201204-276",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-55370",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55370"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002087"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-276"
},
{
"db": "NVD",
"id": "CVE-2012-2089"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. nginx is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. \nnginx versions 1.1.3 through 1.1.18 and 1.0.7 through 1.0.14 are vulnerable; other versions may also be affected. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. Failure to do so will result in a denial of service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-07\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: User-assisted execution of arbitrary code\n Date: June 21, 2012\n Bugs: #411751\n ID: 201206-07\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA buffer overflow vulnerability in nginx could result in the execution\nof arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.15 \u003e= 1.0.15\n\nDescription\n===========\n\nAn error in ngx_http_mp4_module.c could cause a buffer overflow. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.15\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-2089\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2089\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-07.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2089"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002087"
},
{
"db": "BID",
"id": "52999"
},
{
"db": "VULHUB",
"id": "VHN-55370"
},
{
"db": "PACKETSTORM",
"id": "114012"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2089",
"trust": 2.9
},
{
"db": "BID",
"id": "52999",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1026924",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2012/04/12/9",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002087",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201204-276",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "114012",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-55370",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55370"
},
{
"db": "BID",
"id": "52999"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002087"
},
{
"db": "PACKETSTORM",
"id": "114012"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-276"
},
{
"db": "NVD",
"id": "CVE-2012-2089"
}
]
},
"id": "VAR-201204-0227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-55370"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T23:16:45.303000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "nginx security advisories",
"trust": 0.8,
"url": "http://nginx.org/en/security_advisories.html"
},
{
"title": "nginx-1.0.15",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=42976"
},
{
"title": "nginx-1.1.19",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=42979"
},
{
"title": "nginx-1.1.19",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=42978"
},
{
"title": "nginx-1.0.15",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=42977"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002087"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-276"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55370"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002087"
},
{
"db": "NVD",
"id": "CVE-2012-2089"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://nginx.org/en/security_advisories.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1026924"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/52999"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/079388.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-may/079474.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-may/079467.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2012/04/12/9"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74831"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2089"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2089"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2089"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2089"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201206-07.xml"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55370"
},
{
"db": "BID",
"id": "52999"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002087"
},
{
"db": "PACKETSTORM",
"id": "114012"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-276"
},
{
"db": "NVD",
"id": "CVE-2012-2089"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-55370"
},
{
"db": "BID",
"id": "52999"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002087"
},
{
"db": "PACKETSTORM",
"id": "114012"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-276"
},
{
"db": "NVD",
"id": "CVE-2012-2089"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-55370"
},
{
"date": "2012-04-12T00:00:00",
"db": "BID",
"id": "52999"
},
{
"date": "2012-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002087"
},
{
"date": "2012-06-21T15:33:40",
"db": "PACKETSTORM",
"id": "114012"
},
{
"date": "2012-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-276"
},
{
"date": "2012-04-17T21:55:01.353000",
"db": "NVD",
"id": "CVE-2012-2089"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-55370"
},
{
"date": "2015-04-13T21:21:00",
"db": "BID",
"id": "52999"
},
{
"date": "2012-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002087"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-276"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-2089"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-276"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of ngx_http_mp4_module.c Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-276"
}
],
"trust": 0.6
}
}
VAR-201311-0399
Vulnerability from variot - Updated: 2025-04-11 23:04nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. nginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547 http://advisories.mageia.org/MGASA-2013-0349.html
Updated Packages:
Mandriva Business Server 1/X86_64: ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2802-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq
Package : nginx Vulnerability : restriction bypass Problem type : remote Debian-specific: no CVE ID : CVE-2013-4547 Debian Bug : 730012
Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request.
The oldstable distribution (squeeze) is not affected by this problem.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2.
For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST q9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO 3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6 Ddh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6 OHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f vAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw== =ttYS -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0399",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "lifecycle management server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "1.3"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.6"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.0"
},
{
"model": "studio onsite",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "1.3"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.41"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.2"
},
{
"model": "webyast",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "1.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.3"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.4.4"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.5.7"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.5.x"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.41 to 1.4.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.4.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.4.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.8"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.17"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.9"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.8"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.40"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.19"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.15"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "63814"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Fratric of the Google Security Team",
"sources": [
{
"db": "BID",
"id": "63814"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4547",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-4547",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-64549",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4547",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-4547",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-336",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-64549",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-4547",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nnginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547\n http://advisories.mageia.org/MGASA-2013-0349.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm \n 6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2802-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nNovember 21, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nVulnerability : restriction bypass\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4547\nDebian Bug : 730012\n\nIvan Fratric of the Google Security Team discovered a bug in nginx,\na web server, which might allow an attacker to bypass security\nrestrictions by using a specially crafted request. \n\nThe oldstable distribution (squeeze) is not affected by this problem. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST\nq9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO\n3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6\nDdh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6\nOHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f\nvAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw==\n=ttYS\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4547"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "BID",
"id": "63814"
},
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "PACKETSTORM",
"id": "124159"
},
{
"db": "PACKETSTORM",
"id": "124145"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-64549",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38846",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4547",
"trust": 3.1
},
{
"db": "SECUNIA",
"id": "55825",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "55757",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "55822",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336",
"trust": 0.7
},
{
"db": "BID",
"id": "63814",
"trust": 0.5
},
{
"db": "PACKETSTORM",
"id": "124145",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "124159",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "38846",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-64549",
"trust": 0.1
},
{
"db": "EXPLOITDB",
"id": "38846",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-4547",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "BID",
"id": "63814"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "PACKETSTORM",
"id": "124159"
},
{
"db": "PACKETSTORM",
"id": "124145"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
}
]
},
"id": "VAR-201311-0399",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T23:04:03.158000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2802",
"trust": 0.8,
"url": "http://www.debian.org/security/2013/dsa-2802"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.com/"
},
{
"title": "SUSE-SU-2013:1895",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
},
{
"title": "openSUSE-SU-2013:1791",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
},
{
"title": "openSUSE-SU-2013:1792",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
},
{
"title": "openSUSE-SU-2013:1745",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
},
{
"title": "nginx-1.5.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48998"
},
{
"title": "nginx-1.4.4",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48997"
},
{
"title": "nginx-1.4.4",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48996"
},
{
"title": "nginx-1.4.4",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=49035"
},
{
"title": "nginx-1.5.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48999"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2013-4547",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f4bb5a4a182af6a4c8ca260ef90a3d69"
},
{
"title": "Debian Security Advisories: DSA-2802-1 nginx -- restriction bypass",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0e9f3c319e9988b421581c9d566c73e5"
},
{
"title": "Debian CVElist Bug Report Logs: nginx:CVE-2014-3616: possible to reuse cached SSL sessions in unrelated contexts",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=703629f55868e4fc7623e469fe23486b"
},
{
"title": "Amazon Linux AMI: ALAS-2013-249",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2013-249"
},
{
"title": "DVWA-Note",
"trust": 0.1,
"url": "https://github.com/dhgdhg/DVWA- "
},
{
"title": "DVWA-Note",
"trust": 0.1,
"url": "https://github.com/twfb/DVWA-Note "
},
{
"title": "DVWA-Note",
"trust": 0.1,
"url": "https://github.com/dhgdhg/DVWA "
},
{
"title": "usn-search",
"trust": 0.1,
"url": "https://github.com/lukeber4/usn-search "
},
{
"title": "Vision",
"trust": 0.1,
"url": "https://github.com/CoolerVoid/Vision "
},
{
"title": "Vision2",
"trust": 0.1,
"url": "https://github.com/CoolerVoid/Vision2 "
},
{
"title": "woodswiki",
"trust": 0.1,
"url": "https://github.com/woods-sega/woodswiki "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-116",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.debian.org/security/2012/dsa-2802"
},
{
"trust": 2.1,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/55757"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/55822"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/55825"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4547"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4547"
},
{
"trust": 0.3,
"url": "http://nginx.org/download/patch.2013.space.txt"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671931"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4547"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/116.html"
},
{
"trust": 0.1,
"url": "https://github.com/dhgdhg/dvwa-"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/38846/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/63814"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-2802"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2013-0349.html"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "BID",
"id": "63814"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "PACKETSTORM",
"id": "124159"
},
{
"db": "PACKETSTORM",
"id": "124145"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-64549"
},
{
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"db": "BID",
"id": "63814"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"db": "PACKETSTORM",
"id": "124159"
},
{
"db": "PACKETSTORM",
"id": "124145"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
},
{
"db": "NVD",
"id": "CVE-2013-4547"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-64549"
},
{
"date": "2013-11-23T00:00:00",
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"date": "2013-11-19T00:00:00",
"db": "BID",
"id": "63814"
},
{
"date": "2013-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"date": "2013-11-25T17:07:04",
"db": "PACKETSTORM",
"id": "124159"
},
{
"date": "2013-11-22T21:29:14",
"db": "PACKETSTORM",
"id": "124145"
},
{
"date": "2013-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-336"
},
{
"date": "2013-11-23T18:55:04.687000",
"db": "NVD",
"id": "CVE-2013-4547"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-64549"
},
{
"date": "2021-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2013-4547"
},
{
"date": "2015-05-07T17:10:00",
"db": "BID",
"id": "63814"
},
{
"date": "2013-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005289"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-336"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-4547"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Vulnerabilities that bypass restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005289"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-336"
}
],
"trust": 0.6
}
}
VAR-201006-0492
Vulnerability from variot - Updated: 2025-04-11 22:54nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. Nginx is prone to a denial-of-service vulnerability. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There are security holes in nginx
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201006-0492",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.67"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.40"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.52"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.9,
"vendor": "nginx",
"version": "0.8.36"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.36"
}
],
"sources": [
{
"db": "BID",
"id": "78928"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "78928"
}
],
"trust": 0.3
},
"cve": "CVE-2010-2266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2266",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-44871",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2266",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-2266",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201006-226",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-44871",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the \"%c0.%c0.\" sequence. Nginx is prone to a denial-of-service vulnerability. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There are security holes in nginx",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2266"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "BID",
"id": "78928"
},
{
"db": "VULHUB",
"id": "VHN-44871"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-44871",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2266",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "13818",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226",
"trust": 0.7
},
{
"db": "BID",
"id": "78928",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-88008",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-88038",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-44871",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
},
{
"db": "BID",
"id": "78928"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"id": "VAR-201006-0492",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:54:13.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.org/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.exploit-db.com/exploits/13818/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2266"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2266"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44871"
},
{
"db": "BID",
"id": "78928"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-44871"
},
{
"db": "BID",
"id": "78928"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-44871"
},
{
"date": "2010-06-15T00:00:00",
"db": "BID",
"id": "78928"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"date": "2010-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"date": "2010-06-15T14:04:24.420000",
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-44871"
},
{
"date": "2010-06-15T00:00:00",
"db": "BID",
"id": "78928"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004871"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-226"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-2266"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004871"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-226"
}
],
"trust": 0.6
}
}
VAR-201006-0493
Vulnerability from variot - Updated: 2025-04-11 22:54nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a high-performance web server that is widely used. It is not only often used as a reverse proxy, but also very well supported for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial of service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. nginx 0.8.36 for Windows is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201006-0493",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.66"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.39"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.52"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.7.66"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.40"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.7"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.7.20"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.36"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.35"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.33"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.32"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.15"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.65"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.64"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.62"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.61"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.41"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.66"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "BID",
"id": "40760"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dr_IDE Jose Antonio Vazquez Gonzalez",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
}
],
"trust": 0.6
},
"cve": "CVE-2010-2263",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2263",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2263",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-2263",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201006-224",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a high-performance web server that is widely used. It is not only often used as a reverse proxy, but also very well supported for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial of service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. \nnginx 0.8.36 for Windows is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2263"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "BID",
"id": "40760"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2263",
"trust": 2.7
},
{
"db": "BID",
"id": "40760",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "13822",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "13818",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-1094",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "BID",
"id": "40760"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"id": "VAR-201006-0493",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
}
]
},
"last_update_date": "2025-04-11T22:54:13.642000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.org/"
},
{
"title": "Nginx remote source code leak and denial of service patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/454"
},
{
"title": "Vulnerabilities with Windows file default stream",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=3683"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/13822"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/40760"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/13818"
},
{
"trust": 1.6,
"url": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2263"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2263"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/40760/"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "BID",
"id": "40760"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"db": "BID",
"id": "40760"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"date": "2010-06-11T00:00:00",
"db": "BID",
"id": "40760"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"date": "2010-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"date": "2010-06-15T14:04:24.313000",
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1094"
},
{
"date": "2015-04-13T21:02:00",
"db": "BID",
"id": "40760"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004869"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-224"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-2263"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Vulnerabilities in which source code is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004869"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-224"
}
],
"trust": 0.6
}
}
VAR-201307-0482
Vulnerability from variot - Updated: 2025-04-11 22:27http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. Nginx is prone to a remote security vulnerability. Attackers can exploit this issue to a cause a denial-of-service condition or obtain sensitive information. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-04
http://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: October 06, 2013 Bugs: #458726, #468870 ID: 201310-04
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
References
[ 1 ] CVE-2013-0337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337 [ 2 ] CVE-2013-2028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028 [ 3 ] CVE-2013-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-2721-1 security@debian.org http://www.debian.org/security/ Nico Golde July 07, 2013 http://www.debian.org/security/faq
Package : nginx Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2013-2070 Debian Bug : 708164
A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used.
The oldstable distribution (squeeze), is not affected by this problem.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy1.
For the unstable distribution (sid), this problem has been fixed in version 1.4.1-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJR2ZOuAAoJEM1LKvOgoKqqTjsQAMKVFfBMx5Xu6XB6jXXM+2CL +m0TyjQp9oKTlTkZpE18fbQviCVk+A1jZZbHdEZlJnEdy0XvXvJpaN6DiNi10IVi kRQkMBtusXI7Bshh4Z/xWh6on9s//06mQzQzymnMQfcKDcg91Z159xPYi86mlxH5 dnf9/XirRwCokM5PI8duw1YJg2aMUpr5wYi14LVpC93ic5UoL3olwtbWcIAJy6VP auORGQLFTUCljpyEtZXku8mD168RnSubP6FZGRfar3JvywBX4MgK/+KnGXuZKZ6H MNDgVrb8hrkzQJQWvycZjhYUhurqSkR17VgJnwiyHxOxP9Sw6adWoH5aRGwoklhH 0d48CMlunJFvYtFEY8rQqiXBLAyZ09CnrEwgQa3hlugGWkRPVxnKmaghOwXZNXez o8RjCYEOdD2BppUc8RJZYz3UYq+WdVKv499HcgKGscol9aJ8XCYoq/G67697EaPF NUFaL3ApZ7rGiuUsx82FujIRs2rjuvQTe9Wiz2jRh0/BjuKarL/TG3r3SVD5/nDX 6j4ngF8eFDmf2ZfxQM1/Ug2ReO+gglnVZyYy4Kn/fxTTwFMLvznR+2lygAJQs/aM CsRN7KQhDdL1FgELvapLYyfcweeq41NJGwIvD7y3O7JKAlO44IO3XcvdAOHWLY2f 8xcpghy474tAclbQPQUi =4eCV -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201307-0482",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.2.8"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.1.4 to 1.2.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.3.0 to 1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.11"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.4.4"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.3.9"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.3.1"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.3"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.2.1"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.2"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.17"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.9"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.8"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.19"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.15"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "59824"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003474"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-235"
},
{
"db": "NVD",
"id": "CVE-2013-2070"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003474"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "59824"
}
],
"trust": 0.3
},
"cve": "CVE-2013-2070",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-2070",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-62072",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2070",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-2070",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201305-235",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-62072",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62072"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003474"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-235"
},
{
"db": "NVD",
"id": "CVE-2013-2070"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. Nginx is prone to a remote security vulnerability. \nAttackers can exploit this issue to a cause a denial-of-service condition or obtain sensitive information. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: October 06, 2013\n Bugs: #458726, #468870\n ID: 201310-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.4.1-r2 \u003e= 1.4.1-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could send a specially crafted request, possibly\nresulting in execution of arbitrary code with the privileges of the\nprocess, or a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-0337\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337\n[ 2 ] CVE-2013-2028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028\n[ 3 ] CVE-2013-2070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2721-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nJuly 07, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-2070\nDebian Bug : 708164\n\nA buffer overflow has been identified in nginx, a small, powerful,\nscalable web/proxy server, when processing certain chunked transfer\nencoding requests if proxy_pass to untrusted upstream HTTP servers is\nused. \n\nThe oldstable distribution (squeeze), is not affected by this problem. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.1-1. \n\nWe recommend that you upgrade your nginx packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niQIcBAEBCgAGBQJR2ZOuAAoJEM1LKvOgoKqqTjsQAMKVFfBMx5Xu6XB6jXXM+2CL\n+m0TyjQp9oKTlTkZpE18fbQviCVk+A1jZZbHdEZlJnEdy0XvXvJpaN6DiNi10IVi\nkRQkMBtusXI7Bshh4Z/xWh6on9s//06mQzQzymnMQfcKDcg91Z159xPYi86mlxH5\ndnf9/XirRwCokM5PI8duw1YJg2aMUpr5wYi14LVpC93ic5UoL3olwtbWcIAJy6VP\nauORGQLFTUCljpyEtZXku8mD168RnSubP6FZGRfar3JvywBX4MgK/+KnGXuZKZ6H\nMNDgVrb8hrkzQJQWvycZjhYUhurqSkR17VgJnwiyHxOxP9Sw6adWoH5aRGwoklhH\n0d48CMlunJFvYtFEY8rQqiXBLAyZ09CnrEwgQa3hlugGWkRPVxnKmaghOwXZNXez\no8RjCYEOdD2BppUc8RJZYz3UYq+WdVKv499HcgKGscol9aJ8XCYoq/G67697EaPF\nNUFaL3ApZ7rGiuUsx82FujIRs2rjuvQTe9Wiz2jRh0/BjuKarL/TG3r3SVD5/nDX\n6j4ngF8eFDmf2ZfxQM1/Ug2ReO+gglnVZyYy4Kn/fxTTwFMLvznR+2lygAJQs/aM\nCsRN7KQhDdL1FgELvapLYyfcweeq41NJGwIvD7y3O7JKAlO44IO3XcvdAOHWLY2f\n8xcpghy474tAclbQPQUi\n=4eCV\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2070"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003474"
},
{
"db": "BID",
"id": "59824"
},
{
"db": "VULHUB",
"id": "VHN-62072"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "122319"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2070",
"trust": 3.0
},
{
"db": "BID",
"id": "59824",
"trust": 2.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/05/13/3",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "55181",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003474",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201305-235",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "122319",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-60786",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-62072",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123516",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62072"
},
{
"db": "BID",
"id": "59824"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003474"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "122319"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-235"
},
{
"db": "NVD",
"id": "CVE-2013-2070"
}
]
},
"id": "VAR-201307-0482",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-62072"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:27:28.781000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2013-8182",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html"
},
{
"title": "GLSA 201310-04",
"trust": 0.8,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.org/ja/"
},
{
"title": "Bug 962525",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=962525"
},
{
"title": "CVE-2013-2028",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"
},
{
"title": "Nginx Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=134169"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003474"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62072"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003474"
},
{
"db": "NVD",
"id": "CVE-2013-2070"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201310-04.xml"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/55181"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/59824"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2013/dsa-2721"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-may/105950.html"
},
{
"trust": 1.7,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/oss-sec/2013/q2/291"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2013/05/13/3"
},
{
"trust": 1.7,
"url": "http://nginx.org/download/patch.2013.proxy.txt"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=962525"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84172"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2070"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2070"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2013/q2/315"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2070"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0337"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2028"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2028"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62072"
},
{
"db": "BID",
"id": "59824"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003474"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "122319"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-235"
},
{
"db": "NVD",
"id": "CVE-2013-2070"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-62072"
},
{
"db": "BID",
"id": "59824"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003474"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "122319"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-235"
},
{
"db": "NVD",
"id": "CVE-2013-2070"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-62072"
},
{
"date": "2013-05-13T00:00:00",
"db": "BID",
"id": "59824"
},
{
"date": "2013-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003474"
},
{
"date": "2013-10-07T22:29:42",
"db": "PACKETSTORM",
"id": "123516"
},
{
"date": "2013-07-08T19:34:00",
"db": "PACKETSTORM",
"id": "122319"
},
{
"date": "2013-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-235"
},
{
"date": "2013-07-20T03:37:25.247000",
"db": "NVD",
"id": "CVE-2013-2070"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-62072"
},
{
"date": "2015-04-13T22:23:00",
"db": "BID",
"id": "59824"
},
{
"date": "2013-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003474"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-235"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-2070"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-235"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of http/modules/ngx_http_proxy_module.c Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003474"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-235"
}
],
"trust": 0.6
}
}
VAR-201307-0483
Vulnerability from variot - Updated: 2025-04-11 22:02The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. nginx is prone to a stack-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. The issue is fixed in nginx 1.4.1 and 1.5.0. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A denial of service vulnerability exists in the 'ngx_http_parse_chunked' function in http/ngx_http_parse.c in nginx versions 1.3.9 to 1.4.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-04
http://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: October 06, 2013 Bugs: #458726, #468870 ID: 201310-04
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Furthermore, a context-dependent attacker may be able to obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
References
[ 1 ] CVE-2013-0337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337 [ 2 ] CVE-2013-2028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028 [ 3 ] CVE-2013-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . From: Maxim Dounin mdounin at mdounin.ru Tue May 7 11:30:26 UTC 2013
Hello!
Greg MacManus, of iSIGHT Partners Labs, found a security problem in several recent versions of nginx.
Patch for the problem can be found here:
http://nginx.org/download/patch.2013.chunked.txt
As a temporary workaround the following configuration can be used in each server{} block:
if ($http_transfer_encoding ~* chunked) {
return 444;
}
-- Maxim Dounin http://nginx.org/en/donation.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201307-0483",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "19"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.3.9 to 1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.4.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.4.0"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.4.4"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.3.9"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.5.7"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.4.1"
}
],
"sources": [
{
"db": "BID",
"id": "59699"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Greg MacManus of iSIGHT Partners Labs",
"sources": [
{
"db": "BID",
"id": "59699"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2028",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-2028",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-62030",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2028",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-2028",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201305-143",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-62030",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-2028",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. nginx is prone to a stack-based buffer-overflow vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \nThe issue is fixed in nginx 1.4.1 and 1.5.0. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A denial of service vulnerability exists in the \u0027ngx_http_parse_chunked\u0027 function in http/ngx_http_parse.c in nginx versions 1.3.9 to 1.4.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: October 06, 2013\n Bugs: #458726, #468870\n ID: 201310-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.4.1-r2 \u003e= 1.4.1-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could send a specially crafted request, possibly\nresulting in execution of arbitrary code with the privileges of the\nprocess, or a Denial of Service condition. Furthermore, a\ncontext-dependent attacker may be able to obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-0337\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337\n[ 2 ] CVE-2013-2028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028\n[ 3 ] CVE-2013-2070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. From: Maxim Dounin mdounin at mdounin.ru\nTue May 7 11:30:26 UTC 2013\n\nHello!\n\nGreg MacManus, of iSIGHT Partners Labs, found a security problem\nin several recent versions of nginx. \n\nPatch for the problem can be found here:\n\nhttp://nginx.org/download/patch.2013.chunked.txt\n\nAs a temporary workaround the following configuration\ncan be used in each server{} block:\n\n if ($http_transfer_encoding ~* chunked) {\n return 444;\n }\n\n\n-- \nMaxim Dounin\nhttp://nginx.org/en/donation.html\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2028"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "BID",
"id": "59699"
},
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "121560"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=25499",
"trust": 0.4,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-62030",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2028",
"trust": 3.1
},
{
"db": "BID",
"id": "59699",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "121675",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "55181",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "93037",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "121560",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "25499",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "125758",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122477",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "26737",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "25775",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "32277",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-85572",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-79430",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-79160",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-80363",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-62030",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-2028",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123516",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "BID",
"id": "59699"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "121560"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"id": "VAR-201307-0483",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:02:02.238000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GLSA 201310-04",
"trust": 0.8,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.org/ja/"
},
{
"title": "CVE-2013-2028",
"trust": 0.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"
},
{
"title": "nginx \u0027ngx_http_parse.c\u0027 Repair measures for stack buffer error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=134168"
},
{
"title": "nginxpwn",
"trust": 0.1,
"url": "https://github.com/kitctf/nginxpwn "
},
{
"title": "hack4career",
"trust": 0.1,
"url": "https://github.com/mertsarica/hack4career "
},
{
"title": "docker-cve-2013-2028",
"trust": 0.1,
"url": "https://github.com/mambroziak/docker-cve-2013-2028 "
},
{
"title": "nginx-1.4.0",
"trust": 0.1,
"url": "https://github.com/danghvu/nginx-1.4.0 "
},
{
"title": "zeus-software-security",
"trust": 0.1,
"url": "https://github.com/alexgeunholee/zeus-software-security "
},
{
"title": "nginxhack",
"trust": 0.1,
"url": "https://github.com/jptr218/nginxhack "
},
{
"title": "non-controlflow-hijacking-datasets",
"trust": 0.1,
"url": "https://github.com/camel-clarkson/non-controlflow-hijacking-datasets "
},
{
"title": "exploit-development-case-studies",
"trust": 0.1,
"url": "https://github.com/dyjakan/exploit-development-case-studies "
},
{
"title": "LinuxFlaw",
"trust": 0.1,
"url": "https://github.com/mudongliang/LinuxFlaw "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-189",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/59699"
},
{
"trust": 1.9,
"url": "http://security.gentoo.org/glsa/glsa-201310-04.xml"
},
{
"trust": 1.9,
"url": "http://nginx.org/download/patch.2013.chunked.txt"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-may/105176.html"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/121675/nginx-1.3.9-1.4.0-denial-of-service.html"
},
{
"trust": 1.8,
"url": "http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/"
},
{
"trust": 1.8,
"url": "https://github.com/rapid7/metasploit-framework/pull/1834"
},
{
"trust": 1.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/93037"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/55181"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2028"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2028"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://int3pids.blogspot.com.es/2013/07/nginx-reliable-explotation-through.html"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2013/q2/290"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2028"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/kitctf/nginxpwn"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/25499/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0337"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2028"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2070"
},
{
"trust": 0.1,
"url": "http://nginx.org/en/donation.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "BID",
"id": "59699"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "121560"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-62030"
},
{
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"db": "BID",
"id": "59699"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "PACKETSTORM",
"id": "121560"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-62030"
},
{
"date": "2013-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"date": "2013-05-07T00:00:00",
"db": "BID",
"id": "59699"
},
{
"date": "2013-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"date": "2013-10-07T22:29:42",
"db": "PACKETSTORM",
"id": "123516"
},
{
"date": "2013-05-08T02:43:02",
"db": "PACKETSTORM",
"id": "121560"
},
{
"date": "2013-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"date": "2013-07-20T03:37:20.730000",
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-62030"
},
{
"date": "2021-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2013-2028"
},
{
"date": "2015-04-13T21:40:00",
"db": "BID",
"id": "59699"
},
{
"date": "2013-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003473"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-143"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-2028"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx of http/ngx_http_parse.c Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003473"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-143"
}
],
"trust": 0.6
}
}
VAR-201204-0228
Vulnerability from variot - Updated: 2025-04-11 21:30Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. nginx is prone to an information-disclosure vulnerability. Attackers can exploit this issue to harvest sensitive information that may lead to further attacks. BUGTRAQ ID: 52578 CVE ID: CVE-2012-1180 nginx is a widely used high-performance web server. There is an information disclosure vulnerability in nginx's implementation of processing malformed HTTP responses from upstream servers. 0 nginx 1.0.9 nginx 1.0.8 nginx 1.0.10 Vendor patch: Igor Sysoev ----------- At present, the vendor has released an upgrade patch to fix this security problem, please go to the vendor's homepage to download: http ://nginx.net/. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.14 >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2012:043 http://www.mandriva.com/security/
Package : nginx Date : March 29, 2012 Affected: 2010.1, 2011.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1180
Updated Packages:
Mandriva Linux 2010.1: 44b081cef04380c1b45336962f9e9c4a 2010.1/i586/nginx-0.8.41-1.1mdv2010.2.i586.rpm ba57a417d0064fb122694b5dacedb1dd 2010.1/SRPMS/nginx-0.8.41-1.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 0008b13952f6f57c14efabeba5fbc717 2010.1/x86_64/nginx-0.8.41-1.1mdv2010.2.x86_64.rpm ba57a417d0064fb122694b5dacedb1dd 2010.1/SRPMS/nginx-0.8.41-1.1mdv2010.2.src.rpm
Mandriva Linux 2011: dd738ba12a2127a78731eabb19129045 2011/i586/nginx-1.0.5-1.1-mdv2011.0.i586.rpm 5ee13d12672c9cd141449bd0dc024479 2011/SRPMS/nginx-1.0.5-1.1.src.rpm
Mandriva Linux 2011/X86_64: d4af6f92f3508722e79dad2a5d12f269 2011/x86_64/nginx-1.0.5-1.1-mdv2011.0.x86_64.rpm 5ee13d12672c9cd141449bd0dc024479 2011/SRPMS/nginx-1.0.5-1.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPc/zbmqjQ0CJFipgRAsXqAKCDpT1SDD6heEKkG4xtUvKB19ofhgCgihpF qZLFGHfgElxAFfkUZ3nIlDw= =VETw -----END PGP SIGNATURE----- .
For the stable distribution (squeeze), this problem has been fixed in version 0.7.67-3+squeeze2.
For the unstable distribution (sid), this problem has been fixed in version 1.1.17-1.
We recommend that you upgrade your nginx packages. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Debian update for nginx
SECUNIA ADVISORY ID: SA48465
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48465/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48465
RELEASE DATE: 2012-03-20
DISCUSS ADVISORY: http://secunia.com/advisories/48465/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48465/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48465
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Debian has issued an update for nginx. This fixes a weakness, which can be exploited by malicious people to disclose certain sensitive information.
For more information: SA48366
SOLUTION: Apply updated packages via the apt-get package manager.
ORIGINAL ADVISORY: DSA-2434-1: http://www.debian.org/security/2012/dsa-2434
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201204-0228",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "15"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "17"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "16"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.1.x"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "0.7.44"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "0.7.45"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "0.7.43"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "0.7.41"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "0.7.39"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "0.7.40"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "0.7.46"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "0.7.42"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "0.7.48"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "0.7.47"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.9"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.8"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.1.17"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.14"
}
],
"sources": [
{
"db": "BID",
"id": "52578"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002086"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-375"
},
{
"db": "NVD",
"id": "CVE-2012-1180"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002086"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthew Daley",
"sources": [
{
"db": "BID",
"id": "52578"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1180",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-1180",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-54461",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1180",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-1180",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-375",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54461",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54461"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002086"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-375"
},
{
"db": "NVD",
"id": "CVE-2012-1180"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. nginx is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to harvest sensitive information that may lead to further attacks. BUGTRAQ ID: 52578 CVE ID: CVE-2012-1180 nginx is a widely used high-performance web server. There is an information disclosure vulnerability in nginx\u0027s implementation of processing malformed HTTP responses from upstream servers. 0 nginx 1.0.9 nginx 1.0.8 nginx 1.0.10 Vendor patch: Igor Sysoev ----------- At present, the vendor has released an upgrade patch to fix this security problem, please go to the vendor\u0027s homepage to download: http ://nginx.net/. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* nginx does not properly sanitize user input for the the WebDAV COPY\n or MOVE methods (CVE-2009-3898). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the nginx process, cause a Denial of Service condition,\ncreate or overwrite arbitrary files, or obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2012:043\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : nginx\n Date : March 29, 2012\n Affected: 2010.1, 2011. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1180\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2010.1:\n 44b081cef04380c1b45336962f9e9c4a 2010.1/i586/nginx-0.8.41-1.1mdv2010.2.i586.rpm \n ba57a417d0064fb122694b5dacedb1dd 2010.1/SRPMS/nginx-0.8.41-1.1mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 0008b13952f6f57c14efabeba5fbc717 2010.1/x86_64/nginx-0.8.41-1.1mdv2010.2.x86_64.rpm \n ba57a417d0064fb122694b5dacedb1dd 2010.1/SRPMS/nginx-0.8.41-1.1mdv2010.2.src.rpm\n\n Mandriva Linux 2011:\n dd738ba12a2127a78731eabb19129045 2011/i586/nginx-1.0.5-1.1-mdv2011.0.i586.rpm \n 5ee13d12672c9cd141449bd0dc024479 2011/SRPMS/nginx-1.0.5-1.1.src.rpm\n\n Mandriva Linux 2011/X86_64:\n d4af6f92f3508722e79dad2a5d12f269 2011/x86_64/nginx-1.0.5-1.1-mdv2011.0.x86_64.rpm \n 5ee13d12672c9cd141449bd0dc024479 2011/SRPMS/nginx-1.0.5-1.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPc/zbmqjQ0CJFipgRAsXqAKCDpT1SDD6heEKkG4xtUvKB19ofhgCgihpF\nqZLFGHfgElxAFfkUZ3nIlDw=\n=VETw\n-----END PGP SIGNATURE-----\n. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.7.67-3+squeeze2. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.17-1. \n\nWe recommend that you upgrade your nginx packages. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDebian update for nginx\n\nSECUNIA ADVISORY ID:\nSA48465\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48465/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48465\n\nRELEASE DATE:\n2012-03-20\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48465/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48465/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48465\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nDebian has issued an update for nginx. This fixes a weakness, which\ncan be exploited by malicious people to disclose certain sensitive\ninformation. \n\nFor more information:\nSA48366\n\nSOLUTION:\nApply updated packages via the apt-get package manager. \n\nORIGINAL ADVISORY:\nDSA-2434-1:\nhttp://www.debian.org/security/2012/dsa-2434\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1180"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002086"
},
{
"db": "BID",
"id": "52578"
},
{
"db": "VULHUB",
"id": "VHN-54461"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111370"
},
{
"db": "PACKETSTORM",
"id": "111001"
},
{
"db": "PACKETSTORM",
"id": "111045"
},
{
"db": "PACKETSTORM",
"id": "111263"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1180",
"trust": 3.1
},
{
"db": "BID",
"id": "52578",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "48465",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "48577",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1026827",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2012/03/15/5",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2012/03/15/9",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "80124",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002086",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-375",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "111001",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "111370",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-60011",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-54461",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111045",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111263",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54461"
},
{
"db": "BID",
"id": "52578"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002086"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111370"
},
{
"db": "PACKETSTORM",
"id": "111001"
},
{
"db": "PACKETSTORM",
"id": "111045"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-375"
},
{
"db": "NVD",
"id": "CVE-2012-1180"
}
]
},
"id": "VAR-201204-0228",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54461"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T21:30:53.708000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2012-4006",
"trust": 0.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html"
},
{
"title": "FEDORA-2012-3991",
"trust": 0.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html"
},
{
"title": "FEDORA-2012-3846",
"trust": 0.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html"
},
{
"title": "Changeset 4530",
"trust": 0.8,
"url": "http://trac.nginx.org/nginx/changeset/4530/nginx"
},
{
"title": "Changeset 4531",
"trust": 0.8,
"url": "http://trac.nginx.org/nginx/changeset/4531/nginx"
},
{
"title": "patch.2012.memory.txt",
"trust": 0.8,
"url": "http://nginx.org/download/patch.2012.memory.txt"
},
{
"title": "nginx security advisories",
"trust": 0.8,
"url": "http://nginx.org/en/security_advisories.html"
},
{
"title": "ngx_http_proxy_module",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=42980"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002086"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-375"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54461"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002086"
},
{
"db": "NVD",
"id": "CVE-2012-1180"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.debian.org/security/2012/dsa-2434"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/52578"
},
{
"trust": 2.0,
"url": "http://seclists.org/bugtraq/2012/mar/65"
},
{
"trust": 2.0,
"url": "http://trac.nginx.org/nginx/changeset/4530/nginx"
},
{
"trust": 2.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=803856"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1026827"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48465"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48577"
},
{
"trust": 1.7,
"url": "http://osvdb.org/80124"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/077966.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-march/076646.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-march/076671.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:043"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2012/03/15/5"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2012/03/15/9"
},
{
"trust": 1.7,
"url": "http://nginx.org/download/patch.2012.memory.txt"
},
{
"trust": 1.7,
"url": "http://nginx.org/en/security_advisories.html"
},
{
"trust": 1.7,
"url": "http://trac.nginx.org/nginx/changeset/4531/nginx"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74191"
},
{
"trust": 1.7,
"url": "https://hermes.opensuse.org/messages/14173096"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1180"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1180"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48465"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48465/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48465/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48577/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48577/#comments"
},
{
"trust": 0.1,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54461"
},
{
"db": "BID",
"id": "52578"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002086"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111370"
},
{
"db": "PACKETSTORM",
"id": "111001"
},
{
"db": "PACKETSTORM",
"id": "111045"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-375"
},
{
"db": "NVD",
"id": "CVE-2012-1180"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54461"
},
{
"db": "BID",
"id": "52578"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002086"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "111370"
},
{
"db": "PACKETSTORM",
"id": "111001"
},
{
"db": "PACKETSTORM",
"id": "111045"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-375"
},
{
"db": "NVD",
"id": "CVE-2012-1180"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-54461"
},
{
"date": "2012-03-15T00:00:00",
"db": "BID",
"id": "52578"
},
{
"date": "2012-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002086"
},
{
"date": "2012-03-29T02:37:12",
"db": "PACKETSTORM",
"id": "111273"
},
{
"date": "2012-03-30T00:15:51",
"db": "PACKETSTORM",
"id": "111370"
},
{
"date": "2012-03-20T15:34:43",
"db": "PACKETSTORM",
"id": "111001"
},
{
"date": "2012-03-21T07:16:12",
"db": "PACKETSTORM",
"id": "111045"
},
{
"date": "2012-03-28T06:36:19",
"db": "PACKETSTORM",
"id": "111263"
},
{
"date": "2012-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-375"
},
{
"date": "2012-04-17T21:55:01.227000",
"db": "NVD",
"id": "CVE-2012-1180"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-54461"
},
{
"date": "2015-04-13T22:13:00",
"db": "BID",
"id": "52578"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002086"
},
{
"date": "2023-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-375"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1180"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-375"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002086"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-375"
}
],
"trust": 0.6
}
}
VAR-201112-0347
Vulnerability from variot - Updated: 2025-04-11 20:17Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. nginx is prone to a remote heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to nginx 1.0.10 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/
Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.0.14 >= 1.0.14
Description
Multiple vulnerabilities have been found in nginx:
- The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
- The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
- nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898).
- The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
- nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: nginx DNS Response Handling Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46798
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46798/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46798
RELEASE DATE: 2011-11-17
DISCUSS ADVISORY: http://secunia.com/advisories/46798/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46798/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46798
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in nginx, which can be exploited by malicious people to potentially compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code but requires that the custom DNS resolver is enabled (disabled by default).
SOLUTION: Update to version 1.0.10.
PROVIDED AND/OR DISCOVERED BY: Ben Hawkes
ORIGINAL ADVISORY: nginx: http://nginx.org/en/CHANGES-1.0
Ben Hawkes: http://www.openwall.com/lists/oss-security/2011/11/17/8
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0347",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webyast",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "1.2"
},
{
"model": "studio onsite",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "1.2"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "16"
},
{
"model": "studio",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "1.2"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.10"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.0.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "1.0.9"
},
{
"model": "studio standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.9"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.8"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.41"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.36"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.35"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.33"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.32"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.15"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.66"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.65"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.64"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.62"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.61"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.39"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.38"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.36"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.32"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.5.38"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.5.37"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.5"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "1.0.10"
}
],
"sources": [
{
"db": "BID",
"id": "50710"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ben Hawkes",
"sources": [
{
"db": "BID",
"id": "50710"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-4315",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4315",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-52260",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4315",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-4315",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-315",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52260",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. nginx is prone to a remote heap-based buffer-overflow vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \nVersions prior to nginx 1.0.10 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: nginx: Multiple vulnerabilities\n Date: March 28, 2012\n Bugs: #293785, #293786, #293788, #389319, #408367\n ID: 201203-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.0.14 \u003e= 1.0.14\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in nginx:\n\n* The TLS protocol does not properly handle session renegotiation\n requests (CVE-2009-3555). \n* The \"ngx_http_process_request_headers()\" function in ngx_http_parse.c\n could cause a NULL pointer dereference (CVE-2009-3896). \n* nginx does not properly sanitize user input for the the WebDAV COPY\n or MOVE methods (CVE-2009-3898). \n* The \"ngx_resolver_copy()\" function in ngx_resolver.c contains a\n boundary error which could cause a heap-based buffer overflow\n (CVE-2011-4315). \n* nginx does not properly parse HTTP header responses which could\n expose sensitive information (CVE-2012-1180). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.0.14\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2009-3896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896\n[ 3 ] CVE-2009-3898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898\n[ 4 ] CVE-2011-4315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315\n[ 5 ] CVE-2012-1180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nnginx DNS Response Handling Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA46798\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46798/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798\n\nRELEASE DATE:\n2011-11-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46798/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46798/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in nginx, which can be exploited by\nmalicious people to potentially compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code but\nrequires that the custom DNS resolver is enabled (disabled by\ndefault). \n\nSOLUTION:\nUpdate to version 1.0.10. \n\nPROVIDED AND/OR DISCOVERED BY:\nBen Hawkes\n\nORIGINAL ADVISORY:\nnginx:\nhttp://nginx.org/en/CHANGES-1.0\n\nBen Hawkes:\nhttp://www.openwall.com/lists/oss-security/2011/11/17/8\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. This fixes a weakness, a\nsecurity issue, and multiple vulnerabilities, which can be exploited\nby malicious people to disclose certain sensitive information, bypass\ncertain security restrictions, cause a DoS (Denial of Service),\nmanipulate certain data, and potentially compromise a vulnerable\nsystem",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4315"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "BID",
"id": "50710"
},
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "107566"
},
{
"db": "PACKETSTORM",
"id": "107076"
},
{
"db": "PACKETSTORM",
"id": "111263"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4315",
"trust": 2.9
},
{
"db": "BID",
"id": "50710",
"trust": 2.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2011/11/17/8",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "47097",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "48577",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2011/11/17/10",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "46798",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52260",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107566",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107076",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111263",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "BID",
"id": "50710"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "107566"
},
{
"db": "PACKETSTORM",
"id": "107076"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"id": "VAR-201112-0347",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-52260"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T20:17:54.286000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CHANGES-1.0",
"trust": 0.8,
"url": "http://www.nginx.org/en/CHANGES-1.0"
},
{
"title": "4268 (nginx)",
"trust": 0.8,
"url": "http://trac.nginx.org/nginx/changeset/4268/nginx"
},
{
"title": "nginx-1.0.10",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=42000"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://trac.nginx.org/nginx/changeset/4268/nginx"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/47097"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48577"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/50710"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-december/070569.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html"
},
{
"trust": 1.7,
"url": "http://openwall.com/lists/oss-security/2011/11/17/8"
},
{
"trust": 1.7,
"url": "http://openwall.com/lists/oss-security/2011/11/17/10"
},
{
"trust": 1.7,
"url": "http://www.nginx.org/en/changes-1.0"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4315"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4315"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.3,
"url": "http://www.nginx.org/en/changes"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.3,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3896"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4315"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47097"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47097/"
},
{
"trust": 0.1,
"url": "https://hermes.opensuse.org/messages/12768388"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47097/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46798"
},
{
"trust": 0.1,
"url": "http://www.openwall.com/lists/oss-security/2011/11/17/8"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46798/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46798/#comments"
},
{
"trust": 0.1,
"url": "http://nginx.org/en/changes-1.0"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48577"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48577/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48577/#comments"
},
{
"trust": 0.1,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "BID",
"id": "50710"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "107566"
},
{
"db": "PACKETSTORM",
"id": "107076"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-52260"
},
{
"db": "BID",
"id": "50710"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"db": "PACKETSTORM",
"id": "111273"
},
{
"db": "PACKETSTORM",
"id": "107566"
},
{
"db": "PACKETSTORM",
"id": "107076"
},
{
"db": "PACKETSTORM",
"id": "111263"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-52260"
},
{
"date": "2011-11-17T00:00:00",
"db": "BID",
"id": "50710"
},
{
"date": "2011-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"date": "2012-03-29T02:37:12",
"db": "PACKETSTORM",
"id": "111273"
},
{
"date": "2011-12-06T04:14:38",
"db": "PACKETSTORM",
"id": "107566"
},
{
"date": "2011-11-17T02:29:24",
"db": "PACKETSTORM",
"id": "107076"
},
{
"date": "2012-03-28T06:36:19",
"db": "PACKETSTORM",
"id": "111263"
},
{
"date": "2011-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"date": "2011-12-08T20:55:01",
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-52260"
},
{
"date": "2015-04-13T21:13:00",
"db": "BID",
"id": "50710"
},
{
"date": "2011-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003324"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-315"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-4315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003324"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-315"
}
],
"trust": 0.6
}
}
VAR-201310-0633
Vulnerability from variot - Updated: 2025-04-11 20:15The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. Nginx is prone to an insecure file-permission vulnerability. Such information could aid in other attacks. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There is a security vulnerability in the default configuration of nginx 1.3.13 and earlier versions. The vulnerability stems from the fact that the program uses globally readable permissions for the access.log and error.log files. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-04
http://security.gentoo.org/
Severity: Normal Title: nginx: Multiple vulnerabilities Date: October 06, 2013 Bugs: #458726, #468870 ID: 201310-04
Synopsis
Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2
Description
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Furthermore, a context-dependent attacker may be able to obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
References
[ 1 ] CVE-2013-0337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337 [ 2 ] CVE-2013-2028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028 [ 3 ] CVE-2013-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0633",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.17"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.2.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.18"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.19"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.4"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.0.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.16"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.3.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "lte",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "1.3.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.14"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.0.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.0.12"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.0.15"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.0.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.0.13"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.0.10"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.11"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.0.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "igor sysoev",
"version": "1.1.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "58105"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004911"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-530"
},
{
"db": "NVD",
"id": "CVE-2013-0337"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004911"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Agostino Sarubbo",
"sources": [
{
"db": "BID",
"id": "58105"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-530"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0337",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-0337",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-60339",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-0337",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-0337",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201302-530",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-60339",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60339"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004911"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-530"
},
{
"db": "NVD",
"id": "CVE-2013-0337"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. Nginx is prone to an insecure file-permission vulnerability. Such information could aid in other attacks. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There is a security vulnerability in the default configuration of nginx 1.3.13 and earlier versions. The vulnerability stems from the fact that the program uses globally readable permissions for the access.log and error.log files. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: nginx: Multiple vulnerabilities\n Date: October 06, 2013\n Bugs: #458726, #468870\n ID: 201310-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in nginx, the worst of which\nmay allow execution of arbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 1.4.1-r2 \u003e= 1.4.1-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in nginx. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could send a specially crafted request, possibly\nresulting in execution of arbitrary code with the privileges of the\nprocess, or a Denial of Service condition. Furthermore, a\ncontext-dependent attacker may be able to obtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-0337\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337\n[ 2 ] CVE-2013-2028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028\n[ 3 ] CVE-2013-2070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0337"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004911"
},
{
"db": "BID",
"id": "58105"
},
{
"db": "VULHUB",
"id": "VHN-60339"
},
{
"db": "PACKETSTORM",
"id": "123516"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-60339",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60339"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0337",
"trust": 2.9
},
{
"db": "SECUNIA",
"id": "55181",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/02/24/1",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/02/21/15",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/02/22/1",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004911",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201302-530",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1717",
"trust": 0.6
},
{
"db": "BID",
"id": "58105",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "123516",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60339",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60339"
},
{
"db": "BID",
"id": "58105"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004911"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-530"
},
{
"db": "NVD",
"id": "CVE-2013-0337"
}
]
},
"id": "VAR-201310-0633",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-60339"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T20:15:47.137000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GLSA 201310-04",
"trust": 0.8,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.org/ja/"
},
{
"title": "Nginx \u2018access.log\u2019 Fixes for insecure file permissions vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=90786"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004911"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-530"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60339"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004911"
},
{
"db": "NVD",
"id": "CVE-2013-0337"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://secunia.com/advisories/55181"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201310-04.xml"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2013/02/22/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/15"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2013/02/24/1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0337"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0337"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1717/"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2013/q1/389"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0337"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2028"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2028"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60339"
},
{
"db": "BID",
"id": "58105"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004911"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-530"
},
{
"db": "NVD",
"id": "CVE-2013-0337"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-60339"
},
{
"db": "BID",
"id": "58105"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004911"
},
{
"db": "PACKETSTORM",
"id": "123516"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-530"
},
{
"db": "NVD",
"id": "CVE-2013-0337"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-60339"
},
{
"date": "2013-02-21T00:00:00",
"db": "BID",
"id": "58105"
},
{
"date": "2013-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004911"
},
{
"date": "2013-10-07T22:29:42",
"db": "PACKETSTORM",
"id": "123516"
},
{
"date": "2013-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201302-530"
},
{
"date": "2013-10-27T00:55:03.713000",
"db": "NVD",
"id": "CVE-2013-0337"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-60339"
},
{
"date": "2015-04-13T22:05:00",
"db": "BID",
"id": "58105"
},
{
"date": "2013-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004911"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201302-530"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-0337"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201302-530"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx Vulnerability in which important information is obtained in default settings",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004911"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201302-530"
}
],
"trust": 0.6
}
}
VAR-200909-0576
Vulnerability from variot - Updated: 2025-04-10 23:12Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The 'nginx' program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 0.7.62 >= 0.5.38 >= 0.6.39 >= 0.7.62
Description
Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. NOTE: By default, nginx runs as the "nginx" user.
Workaround
There is no known workaround at this time.
Resolution
All nginx 0.5.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38
All nginx 0.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39
All nginx 0.7.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62
References
[ 1 ] CVE-2009-2629 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200909-18.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-1884-1 security@debian.org http://www.debian.org/security/ Nico Golde September 14th, 2009 http://www.debian.org/security/faq
Package : nginx Vulnerability : buffer underflow Problem type : remote Debian-specific: no CVE ID : CVE-2009-2629
Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests.
For the oldstable distribution (etch), this problem has been fixed in version 0.4.13-2+etch2.
For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 0.7.61-3.
We recommend that you upgrade your nginx packages.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Debian (oldstable)
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb Size/MD5 checksum: 185032 15212749985501b223af7888447fc433
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl pZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH =Xrul -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200909-0576",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "11"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.15"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.0"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.7.62"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "4.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.5.38"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.39"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
},
{
"model": "nginx",
"scope": "lte",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.1.0 from 0.5.37"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.6.39 earlier"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.7.62 earlier"
},
{
"model": "nginx",
"scope": "lt",
"trust": 0.8,
"vendor": "igor sysoev",
"version": "0.8.15 earlier"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.5"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.4"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.8"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.7"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.6"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.9"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.2"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.3"
},
{
"model": "nginx",
"scope": "eq",
"trust": 0.6,
"vendor": "nginx",
"version": "0.1.10"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.14"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.61"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.38"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0.5.37"
},
{
"model": "sysoev nginx",
"scope": "eq",
"trust": 0.3,
"vendor": "igor",
"version": "0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.8.15"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.7.62"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.6.39"
},
{
"model": "sysoev nginx",
"scope": "ne",
"trust": 0.3,
"vendor": "igor",
"version": "0.5.38"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "BID",
"id": "36384"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:igor_sysoev:nginx",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Ries",
"sources": [
{
"db": "BID",
"id": "36384"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
}
],
"trust": 0.9
},
"cve": "CVE-2009-2629",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2009-2629",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-40075",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2629",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#180065",
"trust": 0.8,
"value": "4.22"
},
{
"author": "NVD",
"id": "CVE-2009-2629",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200909-302",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-40075",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The \u0027nginx\u0027 program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/nginx \u003c 0.7.62 *\u003e= 0.5.38\n *\u003e= 0.6.39\n \u003e= 0.7.62\n\nDescription\n===========\n\nChris Ries reported a heap-based buffer underflow in the\nngx_http_parse_complex_uri() function in http/ngx_http_parse.c when\nparsing the request URI. NOTE: By default, nginx runs as the \"nginx\" user. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll nginx 0.5.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38\n\nAll nginx 0.6.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39\n\nAll nginx 0.7.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62\n\nReferences\n==========\n\n [ 1 ] CVE-2009-2629\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200909-18.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1884-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nSeptember 14th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : nginx\nVulnerability : buffer underflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-2629\n\nChris Ries discovered that nginx, a high-performance HTTP server, reverse\nproxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when\nprocessing certain HTTP requests. \n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.4.13-2+etch2. \n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.6.32-3+lenny2. \n\nFor the testing distribution (squeeze), this problem will be fixed soon. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.7.61-3. \n\n\nWe recommend that you upgrade your nginx packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz\n Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz\n Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc\n Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb\n Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb\n Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb\n Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb\n Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb\n Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb\n Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb\n Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb\n Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb\n Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb\n Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb\n Size/MD5 checksum: 185032 15212749985501b223af7888447fc433\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc\n Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz\n Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz\n Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb\n Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb\n Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb\n Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb\n Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb\n Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb\n Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb\n Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb\n Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb\n Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb\n Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl\npZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH\n=Xrul\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2629"
},
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "BID",
"id": "36384"
},
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "PACKETSTORM",
"id": "81454"
},
{
"db": "PACKETSTORM",
"id": "81284"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-40075",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40075"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#180065",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2009-2629",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302",
"trust": 0.7
},
{
"db": "BID",
"id": "36384",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "81454",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "81284",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-87569",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-69732",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "14830",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-40075",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "BID",
"id": "36384"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "PACKETSTORM",
"id": "81454"
},
{
"db": "PACKETSTORM",
"id": "81284"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"id": "VAR-200909-0576",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-40075"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:12:48.821000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://nginx.net/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/180065"
},
{
"trust": 2.5,
"url": "http://www.debian.org/security/2009/dsa-1884"
},
{
"trust": 2.0,
"url": "http://nginx.net/changes-0.5"
},
{
"trust": 2.0,
"url": "http://nginx.net/changes-0.6"
},
{
"trust": 2.0,
"url": "http://nginx.net/changes-0.7"
},
{
"trust": 1.7,
"url": "http://sysoev.ru/nginx/patch.180065.txt"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html"
},
{
"trust": 1.4,
"url": "http://nginx.net/changes"
},
{
"trust": 0.9,
"url": "http://security.gentoo.org/glsa/glsa-200909-18.xml"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2629"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu180065/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2629"
},
{
"trust": 0.3,
"url": "http://nginx.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2629"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "BID",
"id": "36384"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "PACKETSTORM",
"id": "81454"
},
{
"db": "PACKETSTORM",
"id": "81284"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#180065"
},
{
"db": "VULHUB",
"id": "VHN-40075"
},
{
"db": "BID",
"id": "36384"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"db": "PACKETSTORM",
"id": "81454"
},
{
"db": "PACKETSTORM",
"id": "81284"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#180065"
},
{
"date": "2009-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-40075"
},
{
"date": "2009-09-14T00:00:00",
"db": "BID",
"id": "36384"
},
{
"date": "2009-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"date": "2009-09-19T16:50:46",
"db": "PACKETSTORM",
"id": "81454"
},
{
"date": "2009-09-15T04:05:55",
"db": "PACKETSTORM",
"id": "81284"
},
{
"date": "2009-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"date": "2009-09-15T22:30:00.233000",
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-21T00:00:00",
"db": "CERT/CC",
"id": "VU#180065"
},
{
"date": "2021-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-40075"
},
{
"date": "2015-05-07T17:02:00",
"db": "BID",
"id": "36384"
},
{
"date": "2009-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002152"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-302"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-2629"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "81454"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#180065"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200909-302"
}
],
"trust": 0.6
}
}
CERTFR-2025-AVI-0886
Vulnerability from certfr_avis - Published: 2025-10-16 - Updated: 2025-10-16
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP Next | BIG-IP Next pour Kubernetes versions 2.1.x antérieures à 2.1.0 EHF-2 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.7.x antérieures à 1.7.15 EHF-2 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 15.1.x antérieures à 15.1.10.8 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 2.x antérieures à 2.1.0 EHF-1 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 17.5.x antérieures à 17.5.1.3 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 2.x antérieures à 2.1.0 EHF-1 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 17.1.x antérieures à 17.1.3 | ||
| F5 | NGINX | NGINX App Protect WAF versions antérieures à 4.7.0 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 1.4.x antérieures à 1.4.0 EHF-3 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 16.1.x antérieures à 16.1.6.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP Next pour Kubernetes versions 2.1.x ant\u00e9rieures \u00e0 2.1.0 EHF-2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.7.x ant\u00e9rieures \u00e0 1.7.15 EHF-2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.8",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 2.x ant\u00e9rieures \u00e0 2.1.0 EHF-1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 17.5.x ant\u00e9rieures \u00e0 17.5.1.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 2.x ant\u00e9rieures \u00e0 2.1.0 EHF-1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 17.1.x ant\u00e9rieures \u00e0 17.1.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX App Protect WAF versions ant\u00e9rieures \u00e0 4.7.0",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 1.4.x ant\u00e9rieures \u00e0 1.4.0 EHF-3",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-48008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48008"
},
{
"name": "CVE-2025-53521",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53521"
},
{
"name": "CVE-2025-54858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54858"
},
{
"name": "CVE-2025-59478",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59478"
},
{
"name": "CVE-2025-61990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61990"
},
{
"name": "CVE-2025-55670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55670"
},
{
"name": "CVE-2025-58153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58153"
},
{
"name": "CVE-2025-58071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58071"
},
{
"name": "CVE-2025-55036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55036"
},
{
"name": "CVE-2025-53868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53868"
},
{
"name": "CVE-2025-60015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60015"
},
{
"name": "CVE-2025-59481",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59481"
},
{
"name": "CVE-2025-54479",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54479"
},
{
"name": "CVE-2025-41430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41430"
},
{
"name": "CVE-2025-59483",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59483"
},
{
"name": "CVE-2025-59778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59778"
},
{
"name": "CVE-2025-59268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59268"
},
{
"name": "CVE-2025-53860",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53860"
},
{
"name": "CVE-2025-54805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54805"
},
{
"name": "CVE-2025-61935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61935"
},
{
"name": "CVE-2025-57780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57780"
},
{
"name": "CVE-2025-61938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61938"
},
{
"name": "CVE-2025-61951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61951"
},
{
"name": "CVE-2025-59781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59781"
},
{
"name": "CVE-2025-53474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53474"
},
{
"name": "CVE-2025-58096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58096"
},
{
"name": "CVE-2025-61974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61974"
},
{
"name": "CVE-2025-53856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53856"
},
{
"name": "CVE-2025-58424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58424"
},
{
"name": "CVE-2025-60013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60013"
},
{
"name": "CVE-2025-60016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60016"
},
{
"name": "CVE-2025-47150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47150"
},
{
"name": "CVE-2025-58120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58120"
},
{
"name": "CVE-2025-61958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61958"
},
{
"name": "CVE-2025-59269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59269"
},
{
"name": "CVE-2025-54854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54854"
},
{
"name": "CVE-2025-54755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54755"
},
{
"name": "CVE-2025-61955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61955"
},
{
"name": "CVE-2025-61960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61960"
},
{
"name": "CVE-2025-58474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58474"
},
{
"name": "CVE-2025-61933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61933"
},
{
"name": "CVE-2025-47148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47148"
},
{
"name": "CVE-2025-29481",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29481"
},
{
"name": "CVE-2025-46706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46706"
},
{
"name": "CVE-2025-55669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55669"
}
],
"initial_release_date": "2025-10-16T00:00:00",
"last_revision_date": "2025-10-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0886",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000156572",
"url": "https://my.f5.com/manage/s/article/K000156572"
}
]
}
CERTFR-2025-AVI-0710
Vulnerability from certfr_avis - Published: 2025-08-19 - Updated: 2025-08-19
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP Next | BIG-IP Next for Kubernetes versions 2.x antérieures à 2.0.0 | ||
| F5 | NGINX Plus | NGINX Plus versions R33 antérieures à R33 P3 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 17.5.x antérieures à Hotfix-BIGIP-17.5.1.0.80.7-ENG.iso3 | ||
| F5 | NGINX | NGINX Open Source versions 0.7.22 à 1.29.0 antérieures à 1.29.1 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 17.1.x antérieures à Hotfix-BIGIP-17.1.2.2.0.259.12-ENG.iso3 | ||
| F5 | BIG-IP Next | BIG-IP Next for Kubernetes versions 2.0.0 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 2.0.0 à 2.0.2 et 1.1.0 à 1.4.1 | ||
| F5 | BIG-IP Next | BIG-IP Next (tous les modules) versions 20.x antérieures à 20.3.0 | ||
| F5 | BIG-IP Next | BIG-IP Next (tous les modules) versions 20.3.0 | ||
| F5 | BIG-IP | BIG-IP (APM) versions 17.1.x antérieures à 17.1.2.2 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 16.1.0 à 16.1.5 antérieures à 16.1.6 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 17.x antérieures à 17.1.0 - 17.1.2 | ||
| F5 | NGINX Plus | NGINX Plus versions R34 antérieures à R34 P2 | ||
| F5 | NGINX Plus | NGINX Plus versions antérieures à R35 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 16.1.x antérieures à Hotfix-BIGIP-16.1.6.0.27.3-ENG.iso3 | ||
| F5 | NGINX Plus | NGINX Plus versions antérieures à R32 P3 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 2.0.0 à 2.0.2 et 1.7.0 à 1.9.2 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 2.0.x antérieures à 2.0.2 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 17.1.0 à 17.1.2 antérieures à 17.1.2.2 | ||
| F5 | BIG-IP | BIG-IP (APM) versions 17.5.0 à 17.5.1, 17.1.0 à 17.1.2, 16.1.0 à 16.1.6 et 15.1.0 à 15.1.10 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 2.x antérieures à 2.0.0 - 2.0.2 | ||
| F5 | BIG-IP | BIG-IP (APM) versions 16.1.x antérieures à 16.1.6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP Next for Kubernetes versions 2.x ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus versions R33 ant\u00e9rieures \u00e0 R33 P3",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 17.5.x ant\u00e9rieures \u00e0 Hotfix-BIGIP-17.5.1.0.80.7-ENG.iso3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Open Source versions 0.7.22 \u00e0 1.29.0 ant\u00e9rieures \u00e0 1.29.1",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 17.1.x ant\u00e9rieures \u00e0 Hotfix-BIGIP-17.1.2.2.0.259.12-ENG.iso3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next for Kubernetes versions 2.0.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 2.0.0 \u00e0 2.0.2 et 1.1.0 \u00e0 1.4.1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next (tous les modules) versions 20.x ant\u00e9rieures \u00e0 20.3.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next (tous les modules) versions 20.3.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 17.1.x ant\u00e9rieures \u00e0 17.1.2.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 16.1.0 \u00e0 16.1.5 ant\u00e9rieures \u00e0 16.1.6",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 17.x ant\u00e9rieures \u00e0 17.1.0 - 17.1.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus versions R34 ant\u00e9rieures \u00e0 R34 P2",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus versions ant\u00e9rieures \u00e0 R35",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 16.1.x ant\u00e9rieures \u00e0 Hotfix-BIGIP-16.1.6.0.27.3-ENG.iso3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus versions ant\u00e9rieures \u00e0 R32 P3",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 2.0.0 \u00e0 2.0.2 et 1.7.0 \u00e0 1.9.2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 2.0.x ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 17.1.0 \u00e0 17.1.2 ant\u00e9rieures \u00e0 17.1.2.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 17.5.0 \u00e0 17.5.1, 17.1.0 \u00e0 17.1.2, 16.1.0 \u00e0 16.1.6 et 15.1.0 \u00e0 15.1.10",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 2.x ant\u00e9rieures \u00e0 2.0.0 - 2.0.2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
},
{
"name": "CVE-2025-54500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54500"
},
{
"name": "CVE-2025-54809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54809"
},
{
"name": "CVE-2025-52585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52585"
},
{
"name": "CVE-2025-48500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48500"
},
{
"name": "CVE-2025-46405",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46405"
}
],
"initial_release_date": "2025-08-19T00:00:00",
"last_revision_date": "2025-08-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0710",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": "2025-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000141436",
"url": "https://my.f5.com/manage/s/article/K000141436"
},
{
"published_at": "2025-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000152635",
"url": "https://my.f5.com/manage/s/article/K000152635"
},
{
"published_at": "2025-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000151546",
"url": "https://my.f5.com/manage/s/article/K000151546"
},
{
"published_at": "2025-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000152001",
"url": "https://my.f5.com/manage/s/article/K000152001"
},
{
"published_at": "2025-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000152049",
"url": "https://my.f5.com/manage/s/article/K000152049"
},
{
"published_at": "2025-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000151782",
"url": "https://my.f5.com/manage/s/article/K000151782"
}
]
}